25 matches found
CVE-2018-15601
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism...
Security Bulletin: cURL vulnerability CVE-2019-15601 impacts IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier
Summary Security Bulletin: cURL vulnerability CVE-2019-15601 impacts IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier. The fix was delivered in IBM Aspera High-Speed Transfer Server 4.0.0 and Aspera High-Speed Transfer Endpoint...
Security Bulletin: cURL vulnerability CVE-2019-15601 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier
Summary cURL vulnerability CVE-2019-15601 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0 with streamin...
Ubuntu: Security Advisory (USN-4641-1)
The remote host is missing an update for the ...
Ubuntu 16.04 LTS : libextractor vulnerabilities (USN-4641-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4641-1 advisory. It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service...
USN-4641-1: libextractor vulnerabilities
It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. CVE-2017-15266 It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a deni...
USN-4641-1 libextractor vulnerabilities
It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. CVE-2017-15266 It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a deni...
CVE-2020-15601
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this...
CVE-2020-15601
Summary: CVE-2020-15601 concerns an LDAP authentication bypass in Trend Micro Deep Security Manager (versions 10.x–12.x). When LDAP authentication is enabled, an unauthenticated attacker with prior knowledge of the targeted organization could bypass manager authentication. The vulnerability is mi...
PXC Release update for April 2020 MySQL security patches | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry Deployment, through its consumption of Percona XtraDB Cluster Release, is vulnerable to various MySQL vulnerabilities patched in the April 2020 Critical Patch Update, including the following high and critical issues:...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1626)
The remote host is missing an update for the Huawei EulerOS ...
CVE-2019-15601
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1345)
The remote host is missing an update for the Huawei EulerOS ...
curl: curl still vulnerable to SMB access smuggling via FILE URL on Windows
Summary: The released fix for CVE-2019-15601, SMB access smuggling via FILE URL on Windows, leaves curl still vulnerable to SMB access smuggling via FILE URLs. - FILE URLs formatted as file:////smbserver/smbshare/file are not filtered. - FILE URLs which point to the global DOS name space, \??\, and...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1144)
The remote host is missing an update for the Huawei EulerOS ...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2020-1144)
According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CURL before 7.68.0 lacks proper input validation, which allows users to create a FILE: URL that can make the client access a remote file using SMB...
CVE-2019-15601
CVE-2019-15601 affects the libcurl component used by IBM Aspera High-Speed Transfer Server and Transfer Endpoint. Impacted products: IBM Aspera High-Speed Transfer Server (versions 3.9.6.2 and earlier) and IBM Aspera High-Speed Transfer Endpoint (versions 3.9.6.2 and earlier). Description from IB...
CVE-2018-15601
Elefant CMS 2.0.3 contains a bypass in apps/filemanager/handlers/upload/drop.php where URL decoding occurs after the restricted-extension check. This allows an attacker to upload files with any extension by URL-encoding the extension, bypassing the protection that should block executable files. T...