
29 matches found

Hacker One
added 2022/04/28 8:30 a.m., 98 views

curl: CVE-2022-27779: cookie for trailing dot TLD

Summary: In CVE-2014-3620 curl prevents cookies from being set for Top Level Domains (TLDs). According to the advisory, curl's "cookie parser has no Public Suffix awareness", but it will "reject TLDs from being allowed". However, a cookie can still be set for a TLD + trailing dot. A trailing dot...

CVSS 5, AI score 6.8, EPSS 0.04876
Exploits: 1
OpenVAS
added 2022/01/28 12:00 a.m., 29 views

Mageia: Security Advisory (MGASA-2014-0385)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 7.1, EPSS 0.07432
Exploits: 0, References: 5
Rosalinux
added 2021/07/02 4:36 p.m., 55 views

Advisory ROSA-SA-2021-1818

Software: curl 7.29.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-4545 CVE-Crit: CRITICAL CVE-DESC: cURL and libcurl from 7.18.0 through 7.32.0 when built with OpenSSL disables validation of CN and SAN certificate name fields (CURLOPT_SSL_VERIFYHOST) when digital signature validation (CURLOPT_SSL_VERIFYPEER) is...

CVSS 9.8, AI score 9.8, EPSS 0.09327
Exploits: 0
IBM Security Bulletins
added 2020/05/01 8:19 a.m., 34 views

Security Bulletin: Security vulnerabilities in Rational DOORS (CVE-2014-3613, CVE-2014-3620, CVE-2014-8730, CVE-2014-9495, CVE-2015-0973)

Summary IBM Rational DOORS contains multiple security vulnerabilities. Vulnerability Details Rational DOORS is affected by the following vulnerabilities disclosed in and corrected by Rational DOORS fix pack releases: CVE ID: CVE-2014-3613 Description: cURL/libcURL could allow a remote attacker to...

CVSS 10, AI score 1.1, EPSS 0.1372
Exploits: 2, Affected Software: 1
OpenVAS
added 2016/05/07 12:00 a.m., 66 views

Juniper Networks Junos OS Multiple cURL and libcurl Vulnerabilities

Junos OS is prone to multiple vulnerabilities in cURL and libcurl. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"...

CVSS 9, AI score 7, EPSS 0.3763
Exploits: 1, References: 1
OpenVAS
added 2015/05/05 12:00 a.m., 44 views

Fedora Update for mingw-curl FEDORA-2015-6853

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9, AI score 8.1, EPSS 0.3763
Exploits: 0, References: 2
OpenVAS
added 2015/04/29 12:00 a.m., 33 views

Fedora Update for curl FEDORA-2015-6712

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.1, EPSS 0.3763
Exploits: 1, References: 2
OpenVAS
added 2015/01/05 12:00 a.m., 32 views

Fedora Update for mingw-curl FEDORA-2014-17601

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 7.9, EPSS 0.07432
Exploits: 0, References: 2
OpenVAS
added 2015/01/05 12:00 a.m., 35 views

Fedora Update for curl FEDORA-2014-16690

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 7.9, EPSS 0.11118
Exploits: 3, References: 2
Tenable Nessus
added 2015/01/02 12:00 a.m., 30 views

Fedora 21 : mingw-curl-7.39.0-1.fc21 (2014-17601)

Update to 7.39.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...

CVSS 5, AI score 7.2, EPSS 0.07432
Exploits: 0, References: 6
OpenVAS
added 2014/12/02 12:00 a.m., 29 views

Fedora Update for curl FEDORA-2014-15706

Check the version of curl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868525";...

CVSS 6.4, AI score 7.8, EPSS 0.07432
Exploits: 1, References: 2
OSV
added 2014/11/18 3:59 p.m., 1 views

DEBIAN-CVE-2014-3620

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain...

CVSS 5, AI score 7.4, EPSS 0.04876
Exploits: 0, References: 1
CVE
added 2014/11/18 3:00 p.m., 140 views

CVE-2014-3620

The provided connected sources confirm CVE-2014-3620: cURL/libcURL could allow a remote attacker to bypass security restrictions by setting cookies for Top Level Domains (TLDs). Affected are curl/libcurl prior to the fix; the issue enables a cookie to be set for a TLD (for example ".me."), and th...

CVSS 5, AI score 7.1, EPSS 0.04876
Exploits: 0, References: 8, Affected Software: 1
OpenVAS
added 2014/11/11 12:00 a.m., 32 views

Fedora Update for curl FEDORA-2014-14354

Check the version of curl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868469";...

CVSS 6.4, AI score 7.8, EPSS 0.07432
Exploits: 1, References: 2
OpenVAS
added 2014/10/09 12:00 a.m., 27 views

Fedora Update for curl FEDORA-2014-10714

Check the version of curl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868370";...

CVSS 6.8, AI score 7.3, EPSS 0.11118
Exploits: 3, References: 2
Tenable Nessus
added 2014/10/09 12:00 a.m., 30 views

Fedora 19 : curl-7.29.0-23.fc19 (2014-10714)

use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - reject incoming cookies set for top level domains (CVE-2014-3620) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 5, AI score 7.2, EPSS 0.07432
Exploits: 0, References: 5
Mageia
added 2014/09/24 4:44 p.m., 38 views

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: In cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to...

CVSS 5, AI score 7.9, EPSS 0.07432
Exploits: 0, References: 3
Tenable Nessus
added 2014/09/23 12:00 a.m., 41 views

Fedora 21 : curl-7.37.0-7.fc21 (2014-10679)

use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - reject incoming cookies set for top level domains (CVE-2014-3620) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 5, AI score 7.2, EPSS 0.07432
Exploits: 0, References: 5
Tenable Nessus
added 2014/09/18 12:00 a.m., 32 views

openSUSE Security Update : curl (openSUSE-SU-2014:1139-1)

libcurl was updated to fix security issues : CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned or used for other numeric IP hosts if portions of the numerics were the same. CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains, making them too broad...

CVSS 5, AI score 7.1, EPSS 0.07432
Exploits: 0, References: 5
Amazon
added 2014/09/17 12:00 a.m., 37 views

Medium: curl

Issue Overview: libcurl wrongly allows cookies to be set for TLDs, thus making them much broader than they are supposed to be allowed to. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. By not detecting and rejecting domain names...

CVSS 5, AI score 7.8, EPSS 0.07432
Exploits: 0