26 matches found
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...
Mageia: Security Advisory (MGASA-2018-0054)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Mageia: Security Advisory (MGASA-2018-0053)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2018:0122-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Fedora Update for curl FEDORA-2018-ba443bcb6d
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
FreeBSD : curl -- password overflow vulnerability (f4d638b9-e6e5-4dbe-8c70-571dbc116174)
curl security problems: CVE-2018-14618: NTLM password overflow via integer overflow. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to...
Integer overflow
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...
Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated)
An update of 'linux', 'curl', 'binutils', 'postgresql', 'libtiff' packages of Photon OS has been released. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0016. The...
About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
This document describes the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan. About Apple securi...
openSUSE Security Update : curl (openSUSE-2018-56)
This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226). - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222). This update was imported from the SUSE:SLE-12:Update update...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0122-1)
This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226). - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222). Note that Tenable Network Security has extracted the precedin...
SUSE-SU-2018:0122-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226). - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222)...
Fedora 27 : curl (2017-45bdf4dace)
- fix NTLM buffer overflow via integer overflow (CVE-2017-8816) - fix FTP wildcard out of bounds read (CVE-2017-8817) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...
Amazon Linux AMI : curl (ALAS-2018-938)
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields...
Fedora 26 : curl (2017-0c062324cd)
- fix NTLM buffer overflow via integer overflow (CVE-2017-8816) - fix FTP wildcard out of bounds read (CVE-2017-8817) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...
CVE-2017-8816
creationtimestamp | type | source
---|---|---
2017-12-02 15:15:56+00:00 | published-proof-of-concept | https://t.me/canyoupwnme/2787...
Security fix for the ALT Linux 8 package curl version 7.57.0-alt1
Dec. 1, 2017 Anton Farygin 7.57.0-alt1 - new version - fixes: CVE-2017-8818 SSL out of buffer access CVE-2017-8817 FTP wildcard out of bounds read CVE-2017-8816 NTLM buffer overflow via integer overflow...
Debian DSA-4051-1 : curl - security update
Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. -...
Ubuntu 14.04 LTS / 16.04 LTS : curl vulnerabilities (USN-3498-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3498-1 advisory. Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl t...