3499 matches found
OESA-2023-1195 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...
AZL-25847 CVE-2023-27534 affecting package curl for versions less than 8.0.1-1
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
DEBIAN-CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
AZL-25806 CVE-2023-27534 affecting package mysql for versions less than 8.0.34-1
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
AZL-25846 CVE-2023-27535 affecting package curl for versions less than 8.0.1-1
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
AZL-38512 CVE-2023-27535 affecting package tensorflow for versions less than 2.16.1-1
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
ALPINE-CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
The vulnerability of TP-Link MR3020 router’s microprogramming software, related to the lack of measures taken to clean data at the control level, allows attackers to execute arbitrary commands.
The vulnerability of TP-Link MR3020 router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted tftp request to the destination...
TP-Link MR3020 命令注入漏洞
TP-Link MR3020 is a wireless router from China's P&L TP-Link. A security vulnerability exists in the TP-Link MR3020 that stems from the discovery of a command injection issue. The vulnerability allows a remote attacker to send a crafted request to a tftp endpoint to execute arbitrary commands...
SUSE CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
FTP too eager connection reuse
libcurl would reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a different one, thus leading to doing the second transfer with the wrong credentials. libcurl keeps previously used connections in a connection pool for...
SFTP path ~ resolving discrepancy
curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde character as the first path element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the once proposed to-become RFC...
IBM Aspera Access Control Error Vulnerability (CNVD-2023-20083)
IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines IBM. IBM Aspera Faspex version 5.0.4 is vulnerable to an access control error, which stems from the existence of improper access control of the application. An authenticated...
UBUNTU-CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
UBUNTU-CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
CVE-2023-21457
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission...
CVE-2023-21457
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission...
Improper access control
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission...
CVE-2023-21457
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission...
CVE-2023-21457
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission...