CVE-2017-14899
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occu...
CVE-2017-14900
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs...
CVE-2017-14898
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs...
CVE-2017-14901
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs...
CVE-2017-14899
CVE-2017-14899 affects Android for MSM (CAF Linux kernel-based builds) and Qualcomm WLAN components; a buffer overrun occurs when the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB attribute contains fewer than 1 byte during processing of the vendor command, potentially enabling local impact...
CVE-2017-14898
CVE-2017-14898 affects Qualcomm WLAN in Android builds (Android for MSM, CAF/Linux kernel). The issue is a buffer overrun in QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE handling when QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE is less than 1 byte. Impact per sources includes high confidentiality, integrit...
CVE-2017-14900
CVE-2017-14900 describes a buffer overrun in the WLAN vendor path when the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI is processed and the MAC address attribute contains fewer than 6 bytes. Affected stack includes Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android releases using the ...
CVE-2017-14901
CVE-2017-14901 describes a buffer overrun in the Qualcomm WLAN driver within Android for MSM/CAF Linux kernel when handling QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE with a TXPOWER_SCALE attribute of fewer than 1 byte. Affected components include Android devices using CAF/Linux kernel implement...
EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1313)
According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an...
EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1312)
According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an...
Debian DSA-4051-1 : curl - security update
Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. -...
[ASA-201711-36] lib32-curl: multiple issues
Arch Linux Security Advisory ASA-201711-36 ========================================== Severity: High Date : 2017-11-30 CVE-ID : CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-521 Summary ======= The...
[ASA-201711-38] lib32-libcurl-compat: multiple issues
Arch Linux Security Advisory ASA-201711-38 ========================================== Severity: High Date : 2017-11-30 CVE-ID : CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 Package : lib32-libcurl-compat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-522 Summary ======...
[SECURITY] [DSA 4051-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4051-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez November 29, 2017 https://www.debian.org/security/faq -...
CURL-CVE-2017-8816 NTLM buffer overflow via integer overflow
libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of the username + password = SUM and multiplies the sum by two = SIZE to figure out how large storage to allocate from the heap. The SUM value is subsequently...
Virtuozzo 7 : curl / libcurl / libcurl-devel (VZLSA-2017-3263)
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CentOS 7 : curl (CESA-2017:3263)
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Scientific Linux Security Update : curl on SL7.x x86_64 (20171127)
Security Fixes : - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. CVE-2017-1000257 ...