Astra Linux - уязвимость в curl

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...

PT-2025-4747 · Polycom · Polycom Realpresence Group 500

Name of the Vulnerable Software and Affected Versions: Polycom RealPresence Group 500 versions =20 Description: The issue is related to insecure permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user...

OESA-2023-1762 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5...

AZL-34610 CVE-2023-38546 affecting package cmake for versions less than 3.21.4-10

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...

ROS-20231016-25

A vulnerability in the curl program line utility is related to a copy of the hostname in the buffer instead of the allowed address. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the libcurl library is related to...

SUSE CVE-2023-38546

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...

This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met. libcurl performs transfers. In its API an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program usin

...

PT-2023-5886 · Libcurl +13 · Libcurl +13

Name of the Vulnerable Software and Affected Versions: libcurl versions prior to 8.4.0 Description: This issue allows an attacker to insert cookies at will into a running program using libcurl, if specific series of conditions are met. libcurl performs transfers and provides a function call that...