9 matches found
@abuenameh/parse-utils (>=1.1.3 <=1.1.3-1), @activity-maker/component-core-dependencies (>=1.8.0 <=1.16.0) +799 more potentially affected by CVE-2025-27789 via @babel/runtime-corejs3 (>=7.10.0 <=7.26.0)
@babel/runtime-corejs3 NPM version =7.10.0, =1.1.3, =1.8.0, =1.0.0, =2.1.0, =0.2.0, =1.0.5, =2.2.0, =0.0.18, =0.0.18, =0.0.18, =0.0.18, =0.0.19 and more Source cves: CVE-2025-27789 Source advisory: OSV:GHSA-968P-4WVH-CQC8...
[SECURITY] [DLA 1195-1] curl security update
Package : curl Version : 7.26.0-1+wheezy23 CVE ID : CVE-2017-8817 CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of bounds flaw in the FTP wildcard function in libcurl. A malicious server could redirect a libcurl-based client to an URL using a wildcard pattern,...
[SECURITY] [DLA 1143-1] curl security update
Package : curl Version : 7.26.0-1+wheezy22 CVE ID : CVE-2017-1000257 Brian Carpenter, Geeknik Labs, 0xd34db347, and independently reported by the OSS-Fuzz project, detected a out of bounds read during IMAP FETCH response. For Debian 7 "Wheezy", this problem has been fixed in version...
[SECURITY] [DLA 883-1] curl security update
Package : curl Version : 7.26.0-1+wheezy18+deb7u1 CVE ID : CVE-2017-7407 It was discovered that there was a buffer read overrun vulnerability in curl, a tool for downloading files from the internet, etc. If a "%" ended the --write-out parameter, the strings trailing NUL would be skipped and memor...
Debian DLA-767-1 : curl security update
It was discovered that libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes. The flaw happens because the floating point conversion is using system functions without the...
[SECURITY] [DLA 711-1] curl security update
Package : curl Version : 7.26.0-1+wheezy17 CVE ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8615 If cookie state is written into a cookie jar file that is later read back and used for subsequent request...
[SECURITY] [DLA 625-1] curl security update
Package : curl Version : 7.26.0-1+wheezy16 CVE ID : CVE-2016-7167 Debian Bug : 837945 It was discovered that the four four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape accepted negative sting length inputs. For Debian 7 "Wheezy", these problems have been fixed i...
Debian Security Advisory DSA 3122-1 (curl - security update)
Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in...
CVE-2013-0249
Stack-based buffer overflow in the Curlsaslcreatedigestmd5message function in lib/curlsasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long string...