Download
| Alert*
|
oval:org.secpod.oval:def:20971
The host is installed with curl or libcurl 7.1 before 7.36 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a crafted certificate issued by a legitimate Certification Authority. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:106368 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:24537 The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to in-correct re-use vulnerability. A flaw is present in the application, which does not properly re-use authenticated negotiate connections. Success ... oval:org.secpod.oval:def:24538 The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to in-correct re-use vulnerability. A flaw is present in the application, which does not properly re-use NTLM connections. Successful exploitation co ... oval:org.secpod.oval:def:1600347 The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015 oval:org.secpod.oval:def:1500559 Updated curl packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:601202 Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. oval:org.secpod.oval:def:1600154 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. oval:org.secpod.oval:def:1300314 Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user . libcurl can in some c ... oval:org.secpod.oval:def:601151 The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour . This update disables host verification too when using the --insecure option. For the oldstable distribution , this problem has been fixed in version 7.21.0-2.1+squeeze6. For the stable distribut ... oval:org.secpod.oval:def:601149 Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain. The de ... oval:org.secpod.oval:def:1600149 The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP, and LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015 . oval:org.secpod.oval:def:204236 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker ab ... oval:org.secpod.oval:def:601261 Two vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0138 Steve Holme discovered that libcurl can in some circumstances re-use the wrong connection when asked to do transfers using othe ... oval:org.secpod.oval:def:203326 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, w ... oval:org.secpod.oval:def:204257 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker ab ... oval:org.secpod.oval:def:117095 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1600974 A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an #039;easy#039; handle in the `Curl_close` function, the library code first frees a struct and might then subsequently erroneously write to a struct field within that already freed struct. ... oval:org.secpod.oval:def:601007 Yamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain "ample.com ... oval:org.secpod.oval:def:701255 curl: HTTP, HTTPS, and FTP client and client libraries Applications using libcurl could be made to expose sensitive information over the network. oval:org.secpod.oval:def:106789 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1500162 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:501049 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:106388 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:202914 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when proce ... oval:org.secpod.oval:def:202913 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when proce ... oval:org.secpod.oval:def:107983 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1500209 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:501298 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, w ... oval:org.secpod.oval:def:1600309 The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. oval:org.secpod.oval:def:108302 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:107896 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:108028 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:202808 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:107458 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:202810 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:601061 Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function. The curl command line tool is not affected by this problem as it doesn"t use the curl_easy_unescape function. oval:org.secpod.oval:def:106798 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:107648 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:501076 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when proce ... oval:org.secpod.oval:def:1500155 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1500237 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:501688 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker ab ... oval:org.secpod.oval:def:602055 Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to the i ... oval:org.secpod.oval:def:1200093 It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticed requests to the same server, the ... oval:org.secpod.oval:def:1501103 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:501616 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker ab ... oval:org.secpod.oval:def:108812 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1501245 The remote host is missing a patch containing a security fix, which affects the following package(s): curl oval:org.secpod.oval:def:108772 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1502522 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502523 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:115296 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:51024 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:53460 Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated ins ... oval:org.secpod.oval:def:51917 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:705173 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1700125 libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ... |
