Download
| Alert*
|
oval:org.secpod.oval:def:503382
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: NTLM type-2 heap out-of-bounds buffer read * wget: Information exposure in set_file_metadata function in xattr.c * cur ... oval:org.secpod.oval:def:54264 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:54397 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:1600976 set_file_metadata in xattr.c in GNU Wget stores a file#039;s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This also applies ... oval:org.secpod.oval:def:1801280 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file"s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This al ... oval:org.secpod.oval:def:1801281 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file"s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This al ... oval:org.secpod.oval:def:1801562 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file"s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This al ... oval:org.secpod.oval:def:1000557 The remote host is missing a patch 125216-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000576 The remote host is missing a patch 125215-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:66495 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: NTLM type-2 heap out-of-bounds buffer read * wget: Information exposure in set_file_metadata function in xattr.c * cur ... oval:org.secpod.oval:def:704883 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:1504292 [7.61.1-11] - rebuild with updated annobin to prevent Execshield RPMDiff check from failing [7.61.1-10] - fix SMTP end-of-response out-of-bounds read - fix NTLMv2 type-3 header stack buffer overflow - fix NTLM type-2 out-of-bounds buffer read - xattr: strip credentials from any URL that is stored ... oval:org.secpod.oval:def:2104626 Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. oval:org.secpod.oval:def:50592 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribu ... oval:org.secpod.oval:def:115795 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1900040 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file"s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This als ... oval:org.secpod.oval:def:1700125 libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ... |
