14 matches found
EUVD-2014-0197
Malware in sbrugna...
RLSA-2023:4523 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Cerificate...
curl security update
7.61.1-30.el88.3 - GSS delegation too eager connection re-use CVE-2023-27536 - fix host name wildcard checking CVE-2023-28321 - rebuild certs with 2048-bit RSA keys...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Cerificate...
Internet Bug Bounty: CVE-2023-27536: GSS delegation too eager connection re-use
A vulnerability was found in libcurl versions 7.22.0 to 7.88.1 that allowed for the reuse of a previously created connection even when the GSS delegation option had been changed, potentially changing the user's permissions in a second transfer. This could affect krb5/kerberos/negotiate/GSSAPI...
K15862: Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
Security Advisory Description CVE-2014-0015 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. CVE-2014-0138 The default configuration in...
ALSA-2022:5313 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...
Internet Bug Bounty: OAUTH2 bearer not-checked for connection re-use
libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protcols: SMTPS, IMAPS, POP3S and LDAPS openldap only. libcurl maintains a pool of connections afte...
Updated curl packages fix security vulnerability
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...
curl: information leakage
CVE-2015-3236 lingering HTTP credentials in connection re-use: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPTUSERPWD for example. Name and password...
CVE-2015-3148
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request...
SuSE 11.3 Security Update : curl (SAT Patch Number 9133)
This curl update fixes the following security issues : - wrong re-use of connections. CVE-2014-0138. bnc868627 - IP address wildcard certificate validation. CVE-2014-0139. bnc868629 - --insecure option inappropriately enforcing security safeguard. bnc870444 %NASLMINLEVEL 70300 C Tenable Network...
Fedora 19 : curl-7.29.0-17.fc19 (2014-4449)
fix connection re-use when using different log-in credentials CVE-2014-0138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introduci...
Fedora 20 : curl-7.32.0-8.fc20 (2014-4436)
fix connection re-use when using different log-in credentials CVE-2014-0138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introduci...