7 matches found
Advisory ROSA-SA-2021-1818
Software: curl 7.29.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-4545 CVE-Crit: CRITICAL CVE-DESC: cURL and libcurl from 7.18.0 through 7.32.0 when built with OpenSSL disables validation of CN and SAN certificate name fields CURLOPTSSLVERIFYHOST when digital signature validation CURLOPTSSLVERIFYPEER is...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1626)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2016-141-01)
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-141-01. The text itse...
CVE-2016-3739
The 1 mbedconnectstep1 function in lib/vtls/mbedtls.c and 2 polarsslconnectstep1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...
CVE-2016-3739
CVE-2016-3739 affects curl/libcurl prior to 7.49.0. The flaw exists in the mbed_connect_step1 (mbedtls.c) and polarssl_connect_step1 (polarssl.c) code paths when using SSLv3 or TLS for a URL that resolves to a numerical IP address. This can enable remote attackers to spoof the TLS/SSL server by p...
CVE-2016-3739
The 1 mbedconnectstep1 function in lib/vtls/mbedtls.c and 2 polarsslconnectstep1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...
CVE-2016-3739
The 1 mbedconnectstep1 function in lib/vtls/mbedtls.c and 2 polarsslconnectstep1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...