6891 matches found

OPENSUSE Linux
added 2020/06/29 12:0 a.m., 58 views

Security update for curl (important)

openSUSE Security Update: Security update for curl
Announcement ID: openSUSE-SU-2020:0908-1
Rating: important
References: 1173027
Cross-References: CVE-2020-8177
Affected Products: openSUSE Leap 15.1
An update that fixes one vulnerability is now available. Description: This update for curl fixes...

CVSS 7.8 | AI score 7 | EPSS 0.01236
Exploits: 1 | References: 1

OSV
added 2020/06/27 4:16 p.m., 4 views

OPENSUSE-SU-2020:0883-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option bsc1173027. - CVE-2020-8169: Fixed an issue that could have led to a partial password leak over DNS on HTTP...

CVSS 7.8 | AI score 7.6 | EPSS 0.03427
Exploits: 2 | References: 5

OSV
added 2020/06/26 6:6 a.m., 8 views

SUSE-SU-2020:1773-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option bsc1173027...

CVSS 7.8 | AI score 7.7 | EPSS 0.01236
Exploits: 1 | References: 3

GithubExploit
added 2020/06/25 7:35 a.m., 116 views

Exploit for Link Following in Docker Desktop

CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...

CVSS 7.2 | AI score 7 | EPSS 0.01435
Exploits: 2

Veracode
added 2020/06/25 5:16 a.m., 25 views

Arbitrary File Overwrite

libcurl.so is vulnerable to arbitrary file overwrite. A logic flaw occurs when the -J flag is used together with the -i option and the two are given in the reversed order. A malicious server will be able to overwrite arbitrary local files in the location where curl was executed by responding with malicious HTTP headers...

CVSS 7.8 | AI score 2.1 | EPSS 0.01236
Exploits: 1 | References: 6 | Affected Software: 2

Tenable Nessus
added 2020/06/25 12:0 a.m., 34 views

FreeBSD : curl -- multiple vulnerabilities (6bff5ca6-b61a-11ea-aef4-08002728f74c)

curl security problems: CVE-2020-8169: Partial password leak over DNS on HTTP redirect. libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a usernam...

CVSS 7.8 | AI score 6.7 | EPSS 0.03427
Exploits: 2 | References: 6

OSV
added 2020/06/24 11:51 a.m., 2 views

USN-4402-1 curl vulnerabilities

Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169) It was discovered that curl incorrectl...

CVSS 7.8 | AI score 6.8 | EPSS 0.03427
Exploits: 2 | References: 3

OSV
added 2020/06/24 8:0 a.m., 13 views

CURL-CVE-2020-8177 curl overwrite local file with -J

curl can be tricked by a malicious server to overwrite a local file when using -J (--remote-header-name) and -i (--include) in the same command line. The command line tool offers the -J option that saves a remote file using the filename present in the Content-Disposition: response header. curl then...

CVSS 7.8 | AI score 7.7 | EPSS 0.01236
Exploits: 1

OSV
added 2020/06/24 7:45 a.m., 5 views

SUSE-SU-2020:14409-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option bsc1173027...

CVSS 7.8 | AI score 7.7 | EPSS 0.01236
Exploits: 1 | References: 3

OSV
added 2020/06/24 7:44 a.m., 10 views

SUSE-SU-2020:1734-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option bsc1173027...

CVSS 7.8 | AI score 7.7 | EPSS 0.01236
Exploits: 1 | References: 3

OSV
added 2020/06/24 7:43 a.m., 9 views

SUSE-SU-2020:1733-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option bsc1173027. - CVE-2020-8169: Fixed an issue that could have led to a partial password leak over DNS on HTTP...

CVSS 7.8 | AI score 7.5 | EPSS 0.03427
Exploits: 2 | References: 5

OSV
added 2020/06/24 7:43 a.m., 5 views

SUSE-SU-2020:1732-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option bsc1173027...

CVSS 7.8 | AI score 7.7 | EPSS 0.01236
Exploits: 1 | References: 3

FreeBSD
added 2020/06/24 12:0 a.m., 352 views

curl -- multiple vulnerabilities

curl security problems: CVE-2020-8169: Partial password leak over DNS on HTTP redirect. libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username...

CVSS 7.8 | AI score 7.8 | EPSS 0.03427
Exploits: 2 | References: 3

Cvelist
added 2020/06/19 2:2 p.m., 18 views

CVE-2019-20851

An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device...

AI score 9.2 | EPSS 0.01385
Exploits: 0 | References: 1

CNVD
added 2020/06/18 12:0 a.m., 4 views

Cisco UCS Director Path Traversal Vulnerability (CNVD-2020-34295)

Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS) from Cisco. A path traversal vulnerability exists in the orchestration task in Cisco UCS Director Releases prior to 6.7.4.0, where the program fails to adequately validate user-submitted input. A...

CVSS 8.5 | AI score 6.9 | EPSS 0.01982
Exploits: 0 | References: 1

CNVD
added 2020/06/17 12:0 a.m., 4 views

helm path traversal vulnerability

helm is a Kubernetes package manager. A path traversal vulnerability exists in helm 3.0.0 and later, fixed in version 3.2.4. An attacker can send a tar file containing a '/...' sequence in the 'path' parameter to overwrite arbitrary files on the system...

CVSS 8.5 | AI score 7 | EPSS 0.01458
Exploits: 0 | References: 1

CNVD
added 2020/06/05 12:0 a.m., 5 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-32792)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handset Alliance (OHA). Samsung mobile devices have a security vulnerability that can be exploited by attackers to overwrite arbitrary files with the help of symbolic links...

CVSS 9.1 | AI score 6.9 | EPSS 0.00461
Exploits: 0 | References: 1

Prion
added 2020/06/04 8:15 p.m., 12 views

Design/Logic Flaw

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders repositories by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...

CVSS 5.5 | AI score 7.9 | EPSS 0.0145
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2020/06/04 7:17 p.m., 90 views

CVE-2020-12851

Summary of CVE-2020-12851 (Pydio Cells 2.0.4): An authenticated user can write or overwrite files in another user’s personal and cells folders by uploading a crafted ZIP and triggering the web app’s file extraction feature. The vulnerability is unlocked via the ZIP extraction mechanism, which pla...

CVSS 8.1 | AI score 7.9 | EPSS 0.0145
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2020/06/04 7:17 p.m., 12 views

CVE-2020-12851

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders repositories by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...

AI score 8 | EPSS 0.0145
Exploits: 1 | References: 3