5 matches found

Hacker One
added 2022/10/27 3:19 p.m., 67 views

Internet Bug Bounty: CVE-2022-35260: .netrc parser out-of-bounds access

Original Report: https://hackerone.com/reports/1721098 Impact: If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service...

CVSS 4.3, AI score 7.7, EPSS 0.01761
Exploits: 1
Slackware Linux
added 2022/10/27 2:30 a.m., 55 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.86.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via IDN. HTTP proxy...

CVSS 9.8, AI score 8.6, EPSS 0.04325
Exploits: 2
OpenVAS
added 2022/10/27 12:0 a.m., 29 views

Slackware: Security Advisory (SSA:2022-299-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.7, EPSS 0.04325
Exploits: 2, References: 6
OSV
added 2022/10/26 8:0 a.m., 23 views

CURL-CVE-2022-35260 .netrc parser out-of-bounds access

curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases caus...

CVSS 6.5, AI score 7, EPSS 0.01761
Exploits: 1
FreeBSD
added 2022/10/26 12:0 a.m., 42 views

curl -- multiple vulnerabilities

Daniel Stenberg reports: CVE-2022-32221: POST following PUT confusion. When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT...

CVSS 9.8, AI score 8.7, EPSS 0.04325
Exploits: 2, References: 4