Lucene search
K

33 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-8615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a...

7.5CVSS7.1AI score0.04498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.35 views

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

10CVSS7AI score0.86006EPSS
Exploits0References89
Oracle linux
Oracle linux
added 2023/12/12 12:0 a.m.382 views

curl security update

7.29.0-59.0.3.el79.2 - load CA certificates even with --insecure Orabug: 32836997 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.htmlCVE-2019-5482Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers...

9.8CVSS8.3AI score0.17939EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.28 views

Debian: Security Advisory (DLA-711-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.05915EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.27 views

K01006862: cURL and libcurl vulnerability CVE-2016-8615

Security Advisory Description A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. CVE-2016-8615 Impact...

7.5CVSS7.5AI score0.04498EPSS
Exploits0Affected Software17
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.31 views

Slackware: Security Advisory (SSA:2016-308-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.05915EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.72 views

Mageia: Security Advisory (MGASA-2018-0053)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.11175EPSS
Exploits0References21
Rosalinux
Rosalinux
added 2021/07/02 4:36 p.m.55 views

Advisory ROSA-SA-2021-1818

Software: curl 7.29.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-4545 CVE-Crit: CRITICAL CVE-DESC: cURL and libcurl from 7.18.0 through 7.32.0 when built with OpenSSL disables validation of CN and SAN certificate name fields CURLOPTSSLVERIFYHOST when digital signature validation CURLOPTSSLVERIFYPEER is...

9.8CVSS9.8AI score0.09327EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2016:2699-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.11737EPSS
Exploits0References14
Oracle linux
Oracle linux
added 2020/10/06 12:0 a.m.228 views

curl security update

7.29.0-59.0.1 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.htmlCVE-2019-5482Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitiv...

9.8CVSS2.5AI score0.17939EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.36 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2017-1035)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.11737EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2019/08/13 12:0 a.m.152 views

curl security and bug fix update

7.29.0-54.0.1 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked multiplication...

10CVSS2.4AI score0.10823EPSS
Exploits0
Oracle linux
Oracle linux
added 2019/07/30 12:0 a.m.198 views

curl security and bug fix update

7.29.0-51.0.1.el76.3 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked...

10CVSS2.6AI score0.10823EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/24 12:0 a.m.49 views

Oracle Linux 6 / 7 : curl (ELSA-2019-4652)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4652 advisory. - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password compariso...

9.8CVSS7.3AI score0.05915EPSS
Exploits0References12
Oracle linux
Oracle linux
added 2019/05/21 12:0 a.m.186 views

curl security update

7.29.0-51.0.1 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked multiplication...

9.8CVSS3.2AI score0.05915EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/11/13 8:36 a.m.509 views

Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update

An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

10CVSS7AI score0.86006EPSS
Exploits0References49
CVE
CVE
added 2018/08/01 6:0 a.m.181 views

CVE-2016-8615

CVE-2016-8615 affects curl prior to 7.51.0, where if cookie state is written to a cookie jar and later read back, a malicious HTTP server can inject cookies for arbitrary domains. This cookie-jar handling issue is corroborated by Debian security advisories and Cloud Foundry USN entries, which des...

7.5CVSS7.7AI score0.04498EPSS
Exploits0References12Affected Software1
Mageia
Mageia
added 2018/01/03 4:40 p.m.95 views

Updated curl packages fix security vulnerability

If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...

9.8CVSS0.11175EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2017/12/26 12:0 a.m.30 views

F5 Networks BIG-IP : cURL and libcurl vulnerability (K01006862)

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.CVE-2016-8615 Impact When a cURL connection stores a...

7.5CVSS7.2AI score0.04498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.288 views

EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1036)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow...

9.8CVSS7.3AI score0.11737EPSS
Exploits0References11
Rows per page
Query Builder