oval:org.secpod.oval:def:89045139
This update for curl fixes the following security issues:
- CVE-2016-8624: invalid URL parsing with "#"
- CVE-2016-8623: Use-after-free via shared cookies
- CVE-2016-8621: curl_getdate read out of bounds
- CVE-2016-8619: double-free in krb5 code
- CVE-2016-8618: double-free in curl_maprintf
- C ...

oval:org.secpod.oval:def:703341
curl: HTTP, HTTPS, and FTP client and client libraries. Several security issues were fixed in curl.

oval:org.secpod.oval:def:38522
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:2100432
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get e ...

oval:org.secpod.oval:def:111581
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1800054
CVE-2016-8615: Cookie injection for other servers
CVE-2016-8616: Case insensitive password comparison
CVE-2016-8617: Out-of-bounds write via unchecked multiplication
CVE-2016-8618: Double-free in curl_maprintf
CVE-2016-8619: Double-free in krb5 code
CVE-2016-8620: Glob parser write/read out of bound ...

oval:org.secpod.oval:def:37885
curl: HTTP, HTTPS, and FTP client and client libraries. Several security issues were fixed in curl.

oval:org.secpod.oval:def:1600469
This build resolves the following issues:
CVE-2016-8615: Cookie injection for other servers
CVE-2016-8616: Case insensitive password comparison
CVE-2016-8617: Out-of-bounds write via unchecked multiplication
CVE-2016-8618: Double-free in curl_maprintf
CVE-2016-8619: Double-free in krb5 code
CVE-2016- ...

oval:org.secpod.oval:def:1502522
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51515
curl: HTTP, HTTPS, and FTP client and client libraries. Several security issues were fixed in curl.

oval:org.secpod.oval:def:1502523
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602660
Several vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar.
CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case insensitive co ...

oval:org.secpod.oval:def:505099
The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ...

oval:org.secpod.oval:def:1507194
[7.29.0-59.0.3.el7_9.2]
- load CA certificates even with --insecure [Orabug: 32836997]
- Fix TFTP small blocksize heap buffer overflow [CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
- CVE-2016-8616 case insensitive password co ...

oval:org.secpod.oval:def:38489
The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...