11 matches found

Tenable Nessus
added 2024/03/14 12:0 a.m. | 25 views

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1376)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to...

CVSS 9.8 | AI score 7.7 | EPSS 0.78483
Exploits: 6 | References: 3

Tenable Nessus
added 2024/03/14 12:0 a.m. | 23 views

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1355)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to...

CVSS 9.8 | AI score 7.7 | EPSS 0.78483
Exploits: 6 | References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m. | 25 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2024-1005)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to...

CVSS 9.8 | AI score 7.7 | EPSS 0.78483
Exploits: 6 | References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m. | 25 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-1079)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 prox...

CVSS 9.8 | AI score 7.8 | EPSS 0.78483
Exploits: 6 | References: 3

UbuntuCve
added 2023/10/11 6:0 a.m. | 68 views

CVE-2023-38546

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...

CVSS 3.7 | AI score 6.9 | EPSS 0.06208
Exploits: 0 | References: 5

Tenable Nessus
added 2023/10/11 12:0 a.m. | 216 views

libcurl 7.9.1 < 8.4.0 Cookie Injection

The version of libcurl installed on the remote host is affected by a cookie injection vulnerability. This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application...

CVSS 3.7 | AI score 7.4 | EPSS 0.06208
Exploits: 0 | References: 2

Tenable Nessus
added 2023/10/11 12:0 a.m. | 109 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-377)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-377 advisory. An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code. When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its...

CVSS 9.8 | AI score 8 | EPSS 0.78483
Exploits: 6 | References: 6

Tenable Nessus
added 2014/11/19 12:0 a.m. | 28 views

Mandriva Linux Security Advisory : curl (MDVSA-2014:213)

Updated curl packages fix security vulnerability : Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires...

CVSS 4.3 | AI score 7.5 | EPSS 0.05121
Exploits: 0 | References: 2

CVE
added 2014/11/15 8:0 p.m. | 176 views

CVE-2014-3707

CVE-2014-3707 affects libcurl/curl prior to a non-vulnerable build when using CURLOPT_COPYPOSTFIELDS, where curl_easy_duphandle incorrectly copies HTTP POST data, causing an out-of-bounds read. Affected products/versions cited in the documents include libcurl/curl 7.17.1 through 7.38.0, enabling ...

CVSS 4.3 | AI score 9.2 | EPSS 0.05121
Exploits: 0 | References: 13 | Affected Software: 1

Tenable Nessus
added 2014/11/11 12:0 a.m. | 23 views

Fedora 20 : curl-7.32.0-15.fc20 (2014-14354)

fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle CVE-2014-3707 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 4.3 | AI score 7.5 | EPSS 0.05121
Exploits: 0 | References: 3

UbuntuCve
added 2014/11/05 12:0 a.m. | 26 views

CVE-2014-3707

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information...

CVSS 4.3 | AI score 7 | EPSS 0.05121
Exploits: 0 | References: 3