Download
| Alert*
oval:org.secpod.oval:def:71519
The host is missing a security update according to Apple advisory, APPLE-SA-2021-04-26-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code. oval:org.secpod.oval:def:71495 The host is installed with Apple Mac OS X 10.14.6, 10.15.7 or Apple Mac OS 11.x before 11.3 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an imput validation issue. Successful exploitation allows an attacker to cause a denial of ... oval:org.secpod.oval:def:89000370 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side . - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard . - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP . oval:org.secpod.oval:def:705797 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89050376 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side . - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard . - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP . oval:org.secpod.oval:def:71227 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server ... oval:org.secpod.oval:def:119218 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:70130 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:73587 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: FTP PASV command response can cause curl to connect to arbitrary host * curl: Malicious FTP server can trigger stack ov ... oval:org.secpod.oval:def:2106586 Oracle Solaris 11 - ( CVE-2007-1562 ) oval:org.secpod.oval:def:71491 The host is missing a security update according to Apple advisory, APPLE-SA-2021-04-26-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code. oval:org.secpod.oval:def:71490 The host is missing a security update according to Apple advisory, APPLE-SA-2021-04-26-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code. oval:org.secpod.oval:def:89044437 This update for curl fixes the following issues: - CVE-2021-22898: TELNET stack contents disclosure - CVE-2021-22876: The automatic referer leaks credentials - CVE-2020-8286: Inferior OCSP verification - CVE-2020-8285: FTP wildcard stack overflow - CVE-2020-8284: Trusting FTP PASV responses - C ... oval:org.secpod.oval:def:1700695 A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl"s multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentia ... oval:org.secpod.oval:def:506081 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: FTP PASV command response can cause curl to connect to arbitrary host * curl: Malicious FTP server can trigger stack ov ... oval:org.secpod.oval:def:1504906 [7.61.1-18] - http: send payload when authentication is done - curl: Inferior OCSP verification - libcurl: FTP wildcard stack overflow - curl: trusting FTP PASV responses [7.61.1-17] - validate an ssl connection using an intermediate certificate [7.61.1-16] - fix multiarch conflicts in libcurl ... oval:org.secpod.oval:def:4501252 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: FTP PASV command response can cause curl to connect to arbitrary host * curl: Malicious FTP server can trigger stack ov ... oval:org.secpod.oval:def:71453 The host is missing a security update according to Apple advisory, APPLE-SA-2021-04-26-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code. oval:org.secpod.oval:def:119185 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:605476 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server ... oval:org.secpod.oval:def:89050239 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side . - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard . - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP . oval:org.secpod.oval:def:2500466 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. oval:org.secpod.oval:def:1801803 Affected versions: libcurl 7.21.0 to and including 7.73.0 Not affected versions: libcurl < 7.21.0 and libcurl >= 7.74.0 Affected versions: libcurl 7.41.0 to and including 7.73.0 Not affected versions: libcurl < 7.41.0 and libcurl >= 7.74.0 oval:org.secpod.oval:def:67763 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. |