Download
| Alert*
oval:org.secpod.oval:def:506468
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Leak of authentication credentials in URL via automatic Referer * curl: TELNET stack contents disclosure * curl: Incor ... oval:org.secpod.oval:def:1505269 [7.61.1-22] - fix STARTTLS protocol injection via MITM - fix protocol downgrade required TLS bypass [7.61.1-21] - fix TELNET stack contents disclosure again - fix TELNET stack contents disclosure - fix bad connection reuse due to flawed path name checks - disable metalink support to fix the fol ... oval:org.secpod.oval:def:86329 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Leak of authentication credentials in URL via automatic Referer * curl: TELNET stack contents disclosure * curl: Incor ... oval:org.secpod.oval:def:2500389 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. oval:org.secpod.oval:def:1601453 It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected. A vulnerability was found in ... oval:org.secpod.oval:def:705951 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to expose sensitive information over the network. oval:org.secpod.oval:def:71239 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to expose sensitive information over the network. oval:org.secpod.oval:def:71238 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to expose sensitive information over the network. oval:org.secpod.oval:def:119737 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:2106735 Oracle Solaris 11 - ( CVE-2021-22876 ) oval:org.secpod.oval:def:97533 [CLSA-2021:1617285762] Fixed CVE-2021-22876 in curl oval:org.secpod.oval:def:119665 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1700642 It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected. A vulnerability was found in ... oval:org.secpod.oval:def:89044207 This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials . oval:org.secpod.oval:def:89044352 This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials . - CVE-2021-22898: Fixed curl TELNET stack contents disclosure . - Fix for SFTP uploads when it results in empty uploaded files . - Allow partial chain verification ... oval:org.secpod.oval:def:89049520 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup - CVE-2021-22876: Automatic referer leaks credentials oval:org.secpod.oval:def:70839 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to expose sensitive information over the network. oval:org.secpod.oval:def:71227 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server ... oval:org.secpod.oval:def:89044437 This update for curl fixes the following issues: - CVE-2021-22898: TELNET stack contents disclosure - CVE-2021-22876: The automatic referer leaks credentials - CVE-2020-8286: Inferior OCSP verification - CVE-2020-8285: FTP wildcard stack overflow - CVE-2020-8284: Trusting FTP PASV responses - C ... oval:org.secpod.oval:def:605476 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server ... |