openSUSE: Security Advisory for curl (SUSE-SU-2022:2327-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:3692-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:4598-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free bsc1206309...

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

Impact Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.jsL189, based on https://github.com/nodejs/undici/issues/872. However, cookie headers which are sensitive headers and are official headers found in the spec...

SUSE-SU-2020:3739-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side bsc1179593. - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard bsc1179399. - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a...

SUSE-SU-2020:14409-1 Security update for curl

This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option bsc1173027...

CURL-CVE-2016-9594 uninitialized random

libcurl's new internal function that returns a good 32-bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary...

CURL-CVE-2016-9952 Win CE Schannel cert wildcard matches too much

curl's TLS server certificate checks are flawed on Windows CE. This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name as returned by the Windows API function CertGetNameString to the hostname used to make the connection to the server. The...

CURL-CVE-2016-8623 Use after free via shared cookies

libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads. When cookies to be sent to a server are collected, the matching function collects all cookies to send and the cookie lock is released immediately afterwards. That...