15 matches found
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1376)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : curl (RHSA-2023:7540)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7540 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1079)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
Summary There are multiple vulnerabilities in Curl that affect PowerSC. PowerSC uses Curl as part of PowerSC Trusted Network Connect TNC. Vulnerability Details CVEID:CVE-2023-38039 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by not limiting the number and size of header...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3239)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3267)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-38546
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...
Improper Session Handling
php is vulnerable to improper session handling. The vulnerability exists as an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL...
Oracle Linux 3 : php (ELSA-2007-0889)
From Red Hat Security Advisory 2007:0889 : Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language common...
Scientific Linux Security Update : php on SL3.x i386/x86_64
Various integer overflow flaws were found in the PHP gd extension script that could be forced to resize images from an untrusted source, possibly allowing a remote attacker to execute arbitrary code as the apache user. CVE-2007-3996 An integer overflow flaw was found in the PHP chunksplit functio...
php cross-site cookie insertion
The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The...
php cross-site cookie insertion
The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...
Fedora Core 6 : php-5.1.6-3.7.fc6 (2007-709)
This update fixes a number of security issues in PHP : - various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. CVE-2007-3996 - ...
RHEL 4 / 5 : php (RHSA-2007:0890)
The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2007:0890 advisory. - gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG CVE-2007-2756 - php chunksplit integer overflow CVE-2007-2872 - p...