oval:org.secpod.oval:def:503382
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: NTLM type-2 heap out-of-bounds buffer read * wget: Information exposure in set_file_metadata function in xattr.c * cur ...

oval:org.secpod.oval:def:2103499
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` ...

oval:org.secpod.oval:def:89003369
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP. - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message. - CVE-2018-1689 ...

oval:org.secpod.oval:def:89003325
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed an NTLMv2 type-3 header stack buffer overflow. - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response. - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2. - CVE-2018-168 ...

oval:org.secpod.oval:def:66495
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: NTLM type-2 heap out-of-bounds buffer read * wget: Information exposure in set_file_metadata function in xattr.c * cur ...

oval:org.secpod.oval:def:1801331
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:1801332
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:1801337
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:1601062
A stack-based buffer overflow vulnerability in the "Server: Packaging" subcomponent could allow an unauthenticated attacker to gain complete control of an affected instance of MySQL Server. Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.6.44 ...

oval:org.secpod.oval:def:1801345
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:704487
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:603629
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could ...

oval:org.secpod.oval:def:51213
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:115926
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1504292
[7.61.1-11] - rebuild with updated annobin to prevent Execshield RPMDiff check from failing [7.61.1-10] - fix SMTP end-of-response out-of-bounds read - fix NTLMv2 type-3 header stack buffer overflow - fix NTLM type-2 out-of-bounds buffer read - xattr: strip credentials from any URL that is stored ...

oval:org.secpod.oval:def:2105145
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS ...

oval:org.secpod.oval:def:53509
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could ...

oval:org.secpod.oval:def:57522
The host is installed with Oracle MySQL Server through 5.7.26 or 8.0.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Packaging (cURL). Successful exploitation allows attackers to affect confidentiality, integrity ...

oval:org.secpod.oval:def:1700125
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ...

CPE    4
cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
...
CWE    1
CWE-787
*CVE
CVE-2019-3822

© SecPod Technologies