Astra Linux - vulnerability in curl
Curl versions 7.41.0 through 7.73.0 are vulnerable to a flaw related to improper checks for certificate revocation, due to insufficient verification of the OCSP response...
Astra Linux - vulnerability in curl
A vulnerability related to insufficiently protected credentials, addressed in curl 7.83.0, may cause authentication or cookie header data to be leaked during HTTP redirections to the same host, but using a different port number...
Astra Linux - vulnerability in curl
Due to the use of a dangling pointer, libcurl versions 7.29.0 through 7.71.1 can use the wrong connection when sending data...
Astra Linux - vulnerability in curl
Curl versions 7.62.0 through 7.70.0 are vulnerable to an information disclosure vulnerability that can result in a partial password being leaked over the network and to the DNS servers...
Astra Linux - vulnerability in curl
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. As a result, it does not detect impostor attacks or man-in-the-middle attacks...
Astra Linux - vulnerability in curl
When curl is instructed to use the Certificate Status Request TLS extension, also known as OCSP stapling, to verify that the server certificate is valid, it may fail to detect certain OCSP issues and instead incorrectly consider the response to be fine. If the returned status reports an error oth...
Astra Linux - vulnerability in curl
When curl 7.84.0 performs FTP transfers secured by krb5, it incorrectly handles message verification failures. This flaw allows a Man-In-The-Middle attack to go unnoticed, and even enables the attacker to inject data into the client’s system...
Astra Linux - vulnerability in libreoffice
A vulnerability in certificate validation in LibreOffice’s “LibreOfficeKit” mode disables TLS certificate verification. LibreOfficeKit can be used to access LibreOffice functionality through C/C++. Typically, this is used by third-party components to reuse LibreOffice as a library for converting,...
Astra Linux - vulnerability in curl
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port. In this way, the malicious server can potentially enable curl to extract information about services that would otherwise be private and undisclosed. This could...
Astra Linux - vulnerability in curl
There is a vulnerability in curl version 7.87.0 where it is possible to exploit the memory reclamation mechanism. In this vulnerability, curl can be instructed to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When curl...
Astra Linux - vulnerability in curl
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that, when sent back to an HTTP server later, may cause the server to return 400 responses. This effectively allows a “sister site” to deny service to all other sibling sites...
Astra Linux - vulnerability in curl
There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...
Astra Linux - vulnerability in firefox, thunderbird
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
Astra Linux - vulnerability in curl
An integer overflow vulnerability exists in the tool_operate.c file of curl 7.65.2, which can be exploited by using a large value as the retry delay. NOTE: Many reports indicate that this does not have a direct security impact on the curl user. However, it may in theory cause a denial of service t...
Astra Linux - vulnerability in curl
When the curl command is used to retrieve content using the Metalink feature, and a user name and password are used to download the Metalink XML file, those same credentials are then passed to each server from which the curl command will attempt to download or retrieve the content. This often...
Astra Linux - vulnerability in curl
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take ‘issuercert’ into account, and it compared the involved paths case insensitively, which could...
Astra Linux - vulnerability in curl
When curl version 7.20.0 or later connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can send multiple responses at once, which are cached by curl. In this case, curl upgrades to TLS, but it does not discard the cached responses. Instead, it...
Astra Linux - vulnerability in curl
A user can specify that curl >= 7.20.0 and <= 7.78.0 requires a successful upgrade to TLS when communicating with IMAP, POP3, or FTP servers. This is achieved by using the --ssl-reqd option on the command line, or setting CURLOPT_USE_SSL to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl. This...
Astra Linux - vulnerability in curl
This flaw allows an attacker to insert cookies into a running program using libcurl, provided that certain conditions are met. libcurl performs transfers. In its API, an application can create “easy handles”, individual handles for single transfers. libcurl provides a function called...
Astra Linux - vulnerability in firefox
Due to insufficient escaping of special characters in the “copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user’s system. This vulnerability was fixed in Firefox 138 and Thunderbird 138...