46 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-3613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary...
Mageia: Security Advisory (MGASA-2014-0384)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2014-0385)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerabilities in curl affect Power Hardware Management Console (CVE-2015-3143 CVE-2015-3148 CVE-2015-3153 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150)
Summary curl is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently...
Security Bulletin: Security vulnerabilities in Rational DOORS (CVE-2014-3613, CVE-2014-3620, CVE-2014-8730, CVE-2014-9495, CVE-2015-0973)
Summary IBM Rational DOORS contains multiple security vulnerabilities. Vulnerability Details Rational DOORS is affected by the following vulnerabilities disclosed in and corrected by Rational DOORS fix pack releases: CVE ID: CVE-2014-3613 Description: cURL/libcURL could allow a remote attacker to...
CRLF Injection
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker...
Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM
Summary PowerKVM is affected by several vulnerabilities in curl. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2014-3613 DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain name...
Security Bulletin: Vulnerabilities in cURL and libcURL affect IBM Security Access Manager (CVE-2014-3613, CVE-2014-8150)
Summary IBM Security Access Manager is affected by vulnerabilities in cURL and libcURL. Vulnerability Details CVEID: CVE-2014-3613 DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP...
Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection
Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Protection. Vulnerability Details CVEID:...
Juniper Networks Junos OS Multiple cURL and libcurl Vulnerabilities
Junos OS is prone to multiple vulnerabilities in cURL and libcurl. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"...
curl, libcurl security update
CentOS Errata and Security Advisory CESA-2015:2159 Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...
RedHat Update for curl RHSA-2015:2159-06
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: curl security, bug fix, and enhancement update
Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Oracle: Security Advisory (ELSA-2015-1254)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722)
It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issu...
OracleVM 3.3 : curl (OVMSA-2015-0107)
The remote OracleVM system is missing necessary patches to address critical security updates : - require credentials to match for NTLM re-use CVE-2015-3143 - close Negotiate connections when done CVE-2015-3148 - reject CRLFs in URLs passed to proxy CVE-2014-8150 - use only full matches for hosts...
Moderate: Red Hat Security Advisory: curl security, bug fix, and enhancement update
Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Fedora Update for mingw-curl FEDORA-2015-6853
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for curl FEDORA-2015-6712
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 11.3 Security Update : curl (SAT Patch Number 10166)
This update fixes the following security issues : - URL request injection bnc911363 When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. CVE-2014-8150 If the given URL contains line feeds and carriage returns those will be sent alo...