9 matches found

RedhatCVE
added 2025/05/23 8:52 a.m., 4 views

CVE-2024-5699

In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8, AI score 6.1, EPSS 0.00594
Exploits: 1, References: 1
Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2016-8616

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existi...

CVSS 5.9, AI score 6.6, EPSS 0.04507
Exploits: 0, References: 2
Veracode
added 2021/08/26 4:39 a.m., 3 views

Privilege Escalation

github.com/istio/istio is vulnerable to privilege escalation. Lack of case-sensitive comparison of hostname in the HTTP Host header allows an attacker to bypass the authorization policy as it causes the Envoy proxy to route the request hostname in a case-insensitive way...

CVSS 8.3, AI score 8.2, EPSS 0.00171
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2021/08/05 8:16 p.m., 3 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...

AI score 6, EPSS 0.0056
Exploits: 2, References: 15
OSV
added 2021/07/21 8:0 a.m., 8 views

CURL-CVE-2021-22924 Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

CVSS 4.3, AI score 5.4, EPSS 0.0056
Exploits: 2
Oracle linux
added 2019/08/13 12:0 a.m., 151 views

curl security and bug fix update

7.29.0-54.0.1 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked multiplication...

CVSS 10, AI score 2.4, EPSS 0.04507
Exploits: 0
Debian
added 2016/11/03 11:7 p.m., 42 views

[SECURITY] [DSA 3705-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3705-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 03, 2016 https://www.debian.org/security/faq -...

CVSS 9.8, AI score 9.2, EPSS 0.04507
Exploits: 0
OSV
added 2015/05/12 7:37 p.m., 6 views

MGASA-2015-0213 Updated pam packages fix security vulnerabilities

Updated pam packages fix security vulnerabilities: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack (CVE-2013-7041). Multiple directory traversal vulnerabilities in...

CVSS 5.8, AI score 7, EPSS 0.02605
Exploits: 2, References: 3
OSV
added 2014/05/08 2:29 p.m., 6 views

CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

AI score 6.4
Exploits: 0, References: 9