40 matches found
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
Linux Distros Unpatched Vulnerability : CVE-2017-16890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero. (CVE-2017-16890) Note that Nessus reli...
BELL-CVE-2018-16890 CVE-2018-16890 does not affect BellSoft software
Bulletin has no description...
SUSE CVE-2017-16890
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero...
SUSE CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that...
SUSE: Security Advisory (SUSE-SU-2019:0249-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2019:0339-1)
The remote host is missing an update for the...
CentOS 8 : curl (CESA-2019:3701)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3701 advisory. - curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890) - wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483) -...
CVE-2020-16890
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
CVE-2020-16890 Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-16890
CVE-2020-16890 is a Windows kernel elevation-of-privilege vulnerability where the kernel mishandles objects in memory, allowing a locally authenticated attacker to run arbitrary code in kernel mode after logging on and running a crafted application. The exploit could lead to full system compromis...
curl security and bug fix update
7.61.1-11 - rebuild with updated annobin to prevent Execshield RPMDiff check from failing 7.61.1-10 - fix SMTP end-of-response out-of-bounds read CVE-2019-3823 - fix NTLMv2 type-3 header stack buffer overflow CVE-2019-3822 - fix NTLM type-2 out-of-bounds buffer read CVE-2018-16890 - xattr: strip...
RHEL 8 : curl (RHSA-2019:3701)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3701 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
CVE-2019-16890
CVE-2019-16890 affects Halo 1.1.0 with a stored/reflective XSS via a crafted authorUrl in JSON data sent to api/content/posts/comments. The root cause is unvalidated input in the JSON path used for comments, enabling script injection. Documented impact is user-visible XSS; baseline CVSS includes ...
Fedora Update for curl FEDORA-2019-697de0501f
The remote host is missing an update for the...
openSUSE: Security Advisory for curl (openSUSE-SU-2019:0174-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for curl (openSUSE-SU-2019:0173-1)
The remote host is missing an update for the...
openSUSE Security Update : curl (openSUSE-2019-173)
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0339-1)
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed an NTLMv2 type-3 header stack-based buffer overflow (bsc#1123377). - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378). - CVE-2018-16890: Fixed an out-of-bounds buffer read in NT...
[ASA-201902-12] lib32-libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201902-12. Severity: High; Date: 2019-02-12; CVE-ID: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823; Package: lib32-libcurl-compat; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-875...