22 matches found
Slackware: Security Advisory (SSA:2015-302-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS (CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153, CVE-2015-3236)
Summary Vulnerabilities in libcurl and cURL affect Rational DOORS. Vulnerability Details CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a...
Security Bulletin: Multiple vulnerabilities in cURL libcURL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3144 and CVE-2015-3145)
Summary cURL libcURL vulnerabilities were disclosed on April 22, 2015 by the cURL Project. cURL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2015-3144 DESCRIPTION: libcurl and cURL are...
Security Bulletin: Multiple vulnerabilities in cURL libcURL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2015-3143, CVE-2015-3144 and CVE-2015-3145)
Summary cURL libcURL vulnerabilities were disclosed on April 22, 2015 by the cURL Project. cURL is used by IBM Tivoli Composite Application Manager for Transactions has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker fr...
Juniper Networks Junos OS Multiple cURL and libcurl Vulnerabilities
Junos OS is prone to multiple vulnerabilities in cURL and libcurl. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2015-302-01)
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-302-01. The text itsel...
MySQL Enterprise Monitor 2.3.x < 2.3.21 / 3.0.x < 3.0.23 Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 2.3.x prior to 2.3.21 or 3.0.x prior to 3.0.23. It is, therefore, potentially affected by multiple vulnerabilities : - An invalid read error exists in the ASN1TYPEcmp function due to...
Gentoo Security Advisory GLSA 201509-02
Gentoo Linux Local Security Checks GLSA 201509-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
cURL / libcURL 7.x < 7.42.0 Multiple Vulnerabilities
Binary data 8863.prm...
Fedora Update for curl FEDORA-2015-6695
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0990-1)
curl was updated to fix five security issues. The following vulnerabilities were fixed : - CVE-2015-3143: curl could re-use NTML authenticateds connections - CVE-2015-3144: curl could access memory out of bounds with zero length host names - CVE-2015-3145: curl cookie parser could access memory o...
[USN-2591-1] curl vulnerabilities
========================================================================== Ubuntu Security Notice USN-2591-1 April 30, 2015 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Fedora Update for mingw-curl FEDORA-2015-6853
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 21 : mingw-curl-7.42.0-1.fc21 (2015-6853)
Update to 7.42.0 which fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...
Fedora 21 : curl-7.37.0-14.fc21 (2015-6728)
require credentials to match for NTLM re-use CVE-2015-3143 - fix invalid write with a zero-length host name in URL CVE-2015-3144 - fix invalid write in cookie path sanitization code CVE-2015-3145 - close Negotiate connections when done CVE-2015-3148 Note that Tenable Network Security has...
Fedora 22 : mingw-curl-7.42.0-1.fc22 (2015-6864)
Update to 7.42.0 which fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...
openSUSE Security Update : curl (openSUSE-2015-336)
curl was updated to fix four security issues. The following vulnerabilities were fixed : - CVE-2015-3143: curl could re-use NTML authenticateds connections - CVE-2015-3144: curl could access memory out of bounds with zero length host names - CVE-2015-3145: curl cookie parser could access memory o...
Fedora 22 : curl-7.40.0-3.fc22 (2015-6695)
require credentials to match for NTLM re-use CVE-2015-3143 - fix invalid write with a zero-length host name in URL CVE-2015-3144 - fix invalid write in cookie path sanitization code CVE-2015-3145 - close Negotiate connections when done CVE-2015-3148 Note that Tenable Network Security has...
Amazon Linux AMI : curl (ALAS-2015-514)
It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticed requests to the same server,...
CVE-2015-3144
CVE-2015-3144 affects curl and libcurl; the fix_hostname function can miscalculate an index, enabling out-of-bounds read/write via a zero-length host name (examples: http://:80 and :80.), leading to denial of service (crash) and potentially other impacts. Public documents consistently describe th...