Download
| Alert*
oval:org.secpod.oval:def:1600754
FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read oval:org.secpod.oval:def:1800733 CVE-2017-1000100: TFTP sends more than buffer size When doing an TFTP upload and curl/libcurl is given a URL that contains a very long file name , the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too larg ... oval:org.secpod.oval:def:1800855 CVE-2017-1000100: TFTP sends more than buffer size; When doing an TFTP upload and curl/libcurl is given a URL that contains a very long file name , the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too lar ... oval:org.secpod.oval:def:1800283 CVE-2017-1000100: TFTP sends more than buffer size. When doing an TFTP upload and curl/libcurl is given a URL that contains a very long file name , the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too lar ... oval:org.secpod.oval:def:1800233 CVE-2017-1000099: FILE buffer read out of bounds¶ When asking to get a file from a file:// URL, libcurl provides a feature thatoutputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user , which could lead to other private data from the ... oval:org.secpod.oval:def:42914 The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an out-of-bounds read. Successful exploitation could allow attackers to cause an unexpected ... oval:org.secpod.oval:def:89044812 This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service oval:org.secpod.oval:def:70594 Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-1000100 Even Rouault reported that cURL does not properly handle long file names when doing an TFTP upload. A malicious HTTP ser ... oval:org.secpod.oval:def:2101924 curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a care ... oval:org.secpod.oval:def:113034 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:113011 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:603123 Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-1000100 Even Rouault reported that cURL does not properly handle long file names when doing an TFTP upload. A malicious HTTP ser ... oval:org.secpod.oval:def:703853 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:51917 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:505099 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ... oval:org.secpod.oval:def:42910 The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |