Download
| Alert*
oval:org.secpod.oval:def:89044801
This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information fr ... oval:org.secpod.oval:def:89044855 This update for curl fixes the following issues: Security issue fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process m ... oval:org.secpod.oval:def:2100412 curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl"s implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. oval:org.secpod.oval:def:39617 The host is installed with Apple Mac OS X or Server 10.12.3 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle bounds checking. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:89044650 This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read - CVE-2016-9586: libcurl printf issue could lead to buffer overflow oval:org.secpod.oval:def:41490 The host is missing a security update according to Apple advisory, APPLE-SA-2017-07-19-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:111794 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:111818 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1600516 libcurl"s implementation of the printf functions triggers a buffer overflow when doing a large floating point output. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. This flaw does not exist in the command l ... oval:org.secpod.oval:def:703853 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:51917 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1800892 libcurl"s implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes. Affected versions: libcurl 7.1 to and including 7.51.0 Fixed In: libcurl 7.52.0 oval:org.secpod.oval:def:505099 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ... oval:org.secpod.oval:def:39718 The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |