Lucene search
+L

194 matches found

UbuntuCve
UbuntuCve
added 2019/07/26 12:0 a.m.28 views

CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs...

7.5CVSS6.8AI score0.05015EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2019/07/01 12:0 a.m.38 views

[ASA-201907-1] irssi: arbitrary code execution

Arch Linux Security Advisory ASA-201907-1 ========================================= Severity: High Date : 2019-07-01 CVE-ID : CVE-2019-13045 Package : irssi Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-999 Summary ======= The package irssi before version...

8.1CVSS1.8AI score0.03333EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/06/18 7:8 p.m.4 views

curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

9.8CVSS7.6AI score0.05782EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.35 views

EulerOS Virtualization for ARM 64 3.0.1.0 : memcached (EulerOS-SA-2019-1396)

According to the versions of the memcached package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An...

9.8CVSS8.9AI score0.45703EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2019/05/03 12:0 a.m.35 views

openSUSE Security Update : curl (openSUSE-2019-1311)

This update for curl fixes the following issues : Security issue fixed : - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

9.8CVSS7.3AI score0.05782EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.31 views

SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0996-1)

This update for curl fixes the following issues : Security issue fixed : CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

9.8CVSS7.2AI score0.05782EPSS
Exploits0References5
OSV
OSV
added 2019/04/23 4:43 p.m.8 views

SUSE-SU-2019:0996-1 Security update for curl

This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758...

9.8CVSS9.9AI score0.05782EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/01/25 12:0 a.m.47 views

Amazon Linux AMI : curl (ALAS-2019-1148)

A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct field within that...

9.8CVSS7.2AI score0.05782EPSS
Exploits0References4
Amazon
Amazon
added 2019/01/21 12:0 a.m.118 views

Low: curl

Issue Overview: A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct fiel...

9.8CVSS8.2AI score0.05782EPSS
Exploits0
Veracode
Veracode
added 2019/01/15 8:58 a.m.19 views

Privilege Escalation

389-ds-base is vulnerable to privilege escalation attacks. The vulnerability exists as the SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bi...

6.5CVSS6.7AI score0.0219EPSS
Exploits2References10Affected Software1
Cloud Foundry
Cloud Foundry
added 2018/11/20 12:0 a.m.271 views

USN-3805-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a...

9.8CVSS8.7AI score0.05782EPSS
Exploits0
ArchLinux
ArchLinux
added 2018/11/06 12:0 a.m.34 views

[ASA-201811-9] lib32-curl: arbitrary code execution

Arch Linux Security Advisory ASA-201811-9 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16839 CVE-2018-16840 Package : lib32-curl Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-796 Summary ======= The package...

9.8CVSS1AI score0.05782EPSS
Exploits0References7
CNVD
CNVD
added 2018/11/02 12:0 a.m.2 views

Haxx curl buffer overflow vulnerability (CNVD-2019-35853)

Haxx curl is a set of file transfer tools from the Swedish company Haxx that utilize URL syntax to work at the command line. The tool supports file uploads and downloads and includes a libcurl client-side URL transfer library for program development. A buffer overflow vulnerability exists in the...

9.8CVSS7.8AI score0.05782EPSS
Exploits0References1
Prion
Prion
added 2018/10/31 6:29 p.m.20 views

Buffer overflow

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

7.5CVSS9.3AI score0.05782EPSS
Exploits0References9Affected Software3
OSV
OSV
added 2018/10/31 6:29 p.m.2 views

ALPINE-CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

9.8CVSS7.4AI score0.05782EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2018/10/31 6:0 p.m.4 views

CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

4.3CVSS6.1AI score0.05782EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2018/10/31 6:0 p.m.56 views

CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...

9.8CVSS9.6AI score0.05782EPSS
Exploits0
CVE
CVE
added 2018/10/31 6:0 p.m.298 views

CVE-2018-16839

Curl/libcurl versions 7.33.0–7.61.1 are vulnerable to a SASL authentication buffer overrun that may trigger a denial of service. Root cause: improper handling in the SASL code leads to overrun/overflow. Impact: denial of service; no explicit exploit details provided here. Remediation: upgrade to ...

9.8CVSS9.3AI score0.05782EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2018/10/31 12:38 p.m.1 views

USN-3805-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-16839 Brian Carpenter discovered that curl incorrectly handled memory when...

9.8CVSS6.8AI score0.05782EPSS
Exploits0References4
OSV
OSV
added 2018/10/31 8:0 a.m.13 views

CURL-CVE-2018-16839 SASL password overflow via integer overflow

libcurl contains a buffer overrun in the SASL authentication code. The internal function Curlauthcreateplainmessage fails to correctly verify that the passed in lengths for name and password are not too long, then calculates a buffer size to allocate. On systems with a 32-bit sizet, the math to...

9.8CVSS8AI score0.05782EPSS
Exploits0
Rows per page
Query Builder