Download
| Alert*
oval:org.secpod.oval:def:509074
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: curl: information disclosure by exploiting a mixed case flaw For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:89051262 This update for curl fixes the following issues: * CVE-2023-46218: Fixed cookie mixed case PSL bypass . * CVE-2023-46219: HSTS long file name clears contents . oval:org.secpod.oval:def:708643 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89051244 This update for curl fixes the following issues: * CVE-2023-46218: Fixed cookie mixed case PSL bypass . * CVE-2023-46219: HSTS long file name clears contents . oval:org.secpod.oval:def:96940 Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk. oval:org.secpod.oval:def:19500563 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.It could do this by exploiting a mixed ... oval:org.secpod.oval:def:612880 Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk. oval:org.secpod.oval:def:96498 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1507373 [7.76.1-26.el9_3.3] - cap SFTP packet size sent - lowercase the domain names before PSL checks oval:org.secpod.oval:def:98535 The host is missing a patch containing a security fixes, which affects the following package(s): oss.lib.libcurl oval:org.secpod.oval:def:126866 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:126888 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:96781 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1702254 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.It could do this by exploiting a mixed ... oval:org.secpod.oval:def:1702030 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.It could do this by exploiting a mixed ... oval:org.secpod.oval:def:2600518 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. oval:org.secpod.oval:def:19500686 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.It could do this by exploiting a mixed ... oval:org.secpod.oval:def:89051257 This update for curl fixes the following issues: * CVE-2023-38546: Fixed a cookie injection with none file . * CVE-2023-46218: Fixed cookie mixed case PSL bypass . oval:org.secpod.oval:def:509171 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: curl: information disclosure by exploiting a mixed case flaw curl: more POST-after-PUT confusion curl: cookie injection with n ... oval:org.secpod.oval:def:4501559 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: information disclosure by exploiting a mixed case flaw * curl: more POST-after-PUT confusion * curl: cookie injection ... oval:org.secpod.oval:def:1507438 [7.61.1-33.5] - cap SFTP packet size sent - when keyboard-interactive auth fails, try password - unify the upload/method handling - fix cookie injection with none file - lowercase the domain names before PSL checks oval:org.secpod.oval:def:2501361 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. |