Download
| Alert*
|
oval:org.secpod.oval:def:1600976
set_file_metadata in xattr.c in GNU Wget stores a file#039;s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This also applies ... oval:org.secpod.oval:def:2102413 Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZ ... oval:org.secpod.oval:def:704154 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:89049654 This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow . oval:org.secpod.oval:def:51072 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1700068 A heap-based buffer overflow has been found in the Curl_smtp_escape_eob function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory. oval:org.secpod.oval:def:114809 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... |
