Download
| Alert*
oval:org.secpod.oval:def:1801927
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. oval:org.secpod.oval:def:1601174 This issue only affects the "curl" command line utility. Additionally, this is only an issue when using the "-J" and "-i" command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely running with the same privileges as the ... oval:org.secpod.oval:def:89000594 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option . oval:org.secpod.oval:def:63944 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:2003829 This CVE is missing description oval:org.secpod.oval:def:505186 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Incorrect argument check can allow remote servers to overwrite local files For more details about the security issue, i ... oval:org.secpod.oval:def:89000631 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option . oval:org.secpod.oval:def:1504322 [7.61.1-14] - avoid overwriting a local file with -J [7.61.1-13] - load built-in openssl engines oval:org.secpod.oval:def:1700372 command line arguments lead to local file overwrite oval:org.secpod.oval:def:64162 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:705520 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:2106297 Oracle Solaris 11 - ( CVE-2019-5481 ) oval:org.secpod.oval:def:67979 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Incorrect argument check can allow remote servers to overwrite local files For more details about the security issue, i ... oval:org.secpod.oval:def:70226 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89000620 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option . oval:org.secpod.oval:def:504780 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Incorrect argument check can allow remote servers to overwrite local files For more details about the security issue, i ... oval:org.secpod.oval:def:70125 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89000008 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option . oval:org.secpod.oval:def:89000503 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option . oval:org.secpod.oval:def:118550 cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, FTP ... oval:org.secpod.oval:def:1503084 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:118396 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:205695 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Incorrect argument check can allow remote servers to overwrite local files For more details about the security issue, i ... oval:org.secpod.oval:def:89050437 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option . - CVE-2020-8169: Fixed an issue where could have led to partial password leak over DNS on HTTP redirect . oval:org.secpod.oval:def:71227 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server ... oval:org.secpod.oval:def:605476 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server ... |