EUVD-2021-16078

Malware in sbrugna...

curl: use after free in SSH sha256 fingerprint check

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...

curl: use after free in SSH sha256 fingerprint check

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...

SUSE-SU-2023:2224-1 Security update for curl

This update for curl adds the following feature: Update to version 8.0.1 jscPED-2580 - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check bsc1211230. - CVE-2023-28320: siglongjmp race condition bsc1211231. - CVE-2023-28321: IDN wildcard matching bsc1211232. - CVE-2023-28322:...

GHSA-F585-9FW3-RJ2M Arbitrary file existence check in file fingerprints in Jenkins

Jenkins provides a feature for jobs to store and track fingerprints of files used during a build. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier provides a REST API to check where a given fingerprint was used by which builds. This endpoint does not fully validate that the provided fingerprint...

GNU Midnight Commander 授权问题漏洞

GNU Midnight Commander is a visual file manager. A security vulnerability exists in Midnight Commander that stems from the fact that starting with version 4.8.26, the server's fingerprint is neither checked nor displayed when Midnight Commander establishes an SFTP connection. An attacker could us...