Lucene search
K

15 matches found

OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.25 views

Slackware: Security Advisory (SSA:2015-302-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS9AI score0.3763EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/01 8:19 a.m.34 views

Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS (CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153, CVE-2015-3236)

Summary Vulnerabilities in libcurl and cURL affect Rational DOORS. Vulnerability Details CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a...

9CVSS0.3AI score0.3763EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/10/30 12:0 a.m.30 views

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2015-302-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-302-01. The text itsel...

9CVSS7.5AI score0.3763EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2015/09/29 12:0 a.m.35 views

Gentoo Security Advisory GLSA 201509-02

Gentoo Linux Local Security Checks GLSA 201509-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

9CVSS7.5AI score0.3763EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.32 views

Amazon Linux: Security Advisory (ALAS-2015-551)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS8.7AI score0.09334EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/07/07 12:0 a.m.32 views

Fedora Update for curl FEDORA-2015-10155

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS9.5AI score0.09334EPSS
Exploits0References2
Mageia
Mageia
added 2015/07/05 5:22 p.m.42 views

Updated curl package fixes security vulnerability

libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests CVE-2015-3236. libcurl can get tricked by a malicious SMB server to send of...

6.4CVSS9.1AI score0.09334EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/06/25 12:0 a.m.32 views

Fedora 22 : curl-7.40.0-5.fc22 (2015-10155)

implement public key pinning for NSS backend 1195771 - fix lingering HTTP credentials in connection re-use CVE-2015-3236 - prevent SMB from sending off unrelated memory contents CVE-2015-3237 - curl-config --libs now works on x8664 without libcurl-devel.x8664 1228363 Note that Tenable Network...

6.4CVSS8AI score0.09334EPSS
Exploits0References5
OSV
OSV
added 2015/06/22 7:59 p.m.2 views

DEBIAN-CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset curleasyreset connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5CVSS6.9AI score0.0821EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/06/22 7:0 p.m.32 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset curleasyreset connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

9.2AI score0.0821EPSS
Exploits0References10
CVE
CVE
added 2015/06/22 7:0 p.m.85 views

CVE-2015-3236

CVE-2015-3236 affects curl/libcurl 7.40.0–7.42.1, where HTTP Basic credentials from a prior connection could be reused after a curl_easy_reset when contacting the same host, leading to potential disclosure of sensitive credentials. The root cause is lingering credentials/connections kept in the h...

5CVSS9.1AI score0.0821EPSS
Exploits0References10Affected Software2
Kaspersky
Kaspersky
added 2015/06/22 12:0 a.m.55 views

KLA10618 Information disclosure vulnerability in cURL

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to obtain sensitive information. Below is a complete list of vulnerabilities 1. An unknown vulnerability related to SMB can be exploited remotely via specially designed length and offset...

6.4CVSS9AI score0.09334EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2015/06/22 12:0 a.m.50 views

curl: information leakage

CVE-2015-3236 lingering HTTP credentials in connection re-use: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPTUSERPWD for example. Name and password...

6.4CVSS0.1AI score0.09334EPSS
Exploits0References4
ALT Linux
ALT Linux
added 2015/06/19 12:0 a.m.30 views

Security fix for the ALT Linux 8 package curl version 7.43.0-alt1

June 19, 2015 Anton Farygin 7.43.0-alt1 - new version, with fixes for CVE-2015-3236, CVE-2015-3237...

6.4CVSS7.1AI score0.09334EPSS
Exploits0
Amazon
Amazon
added 2015/06/18 12:0 a.m.45 views

Medium: curl

Issue Overview: As discussed upstream http://curl.haxx.se/docs/adv20150617A.html, libcurl can wrongly send HTTP credentials when re-using connections. CVE-2015-3236 Also discussed upstream http://curl.haxx.se/docs/adv20150617B.html, libcurl can get tricked by a malicious SMB server to send off da...

6.4CVSS8.9AI score0.09334EPSS
Exploits0
Rows per page
Query Builder