Security update for curl (important)
openSUSE Security Update: Security update for curl. Announcement ID: openSUSE-SU-2020:0908-1; Rating: important; References: 1173027; Cross-References: CVE-2020-8177; Affected Products: openSUSE Leap 15.1. An update that fixes one vulnerability is now available. Description: This update for curl fixes...
OPENSUSE-SU-2020:0883-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue that could have led to a partial password leak over DNS on HTTP...
SUSE-SU-2020:1773-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027)...
Exploit for Link Following in Docker Desktop
CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...
Arbitrary File Overwrite
libcurl.so is vulnerable to arbitrary file overwrite. A logic flaw occurs when the -J flag is used together with the -i option and the two are used in reversed order. A malicious server will be able to overwrite arbitrary local files where curl was executed by responding with malicious HTTP headers...
FreeBSD : curl -- multiple vulnerabilities (6bff5ca6-b61a-11ea-aef4-08002728f74c)
curl security problems: CVE-2020-8169: Partial password leak over DNS on HTTP redirect. libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a usernam...
USN-4402-1 curl vulnerabilities
Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. CVE-2020-8169 It was discovered that curl incorrectl...
CURL-CVE-2020-8177 curl overwrite local file with -J
curl can be tricked by a malicious server to overwrite a local file when using -J (--remote-header-name) and -i (--include) in the same command line. The command line tool offers the -J option that saves a remote file using the filename present in the Content-Disposition: response header. curl then...
SUSE-SU-2020:14409-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027)...
SUSE-SU-2020:1734-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027)...
SUSE-SU-2020:1733-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue that could have led to a partial password leak over DNS on HTTP...
SUSE-SU-2020:1732-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027)...
curl -- multiple vulnerabilities
curl security problems: CVE-2020-8169: Partial password leak over DNS on HTTP redirect. libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username...
CVE-2019-20851
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device...
Cisco UCS Director Path Traversal Vulnerability (CNVD-2020-34295)
Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS) from Cisco. A path traversal vulnerability exists in the orchestration task in Cisco UCS Director Releases prior to 6.7.4.0, where the program fails to adequately validate user-submitted input. A...
helm path traversal vulnerability
helm is a Kubernetes package manager. A path traversal vulnerability exists in helm 3.0.0 and later, fixed in version 3.2.4. An attacker can send a tar file containing a '/...' sequence in the 'path' parameter to overwrite arbitrary files on the system...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-32792)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). Samsung mobile devices have a security vulnerability that can be exploited by attackers to overwrite arbitrary files with the help of symbolic links...
Design/Logic Flaw
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...
CVE-2020-12851
Summary of CVE-2020-12851 (Pydio Cells 2.0.4): An authenticated user can write or overwrite files in another user’s personal and cells folders by uploading a crafted ZIP and triggering the web app’s file extraction feature. The vulnerability is unlocked via the ZIP extraction mechanism, which pla...
CVE-2020-12851
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...