42 matches found
Photon OS 2.0: Curl PHSA-2019-2.0-0128
An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0128. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in cURL (CVE-2018-14618)
Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerability in cURL. Vulnerability Details CVEID: CVE-2018-14618 DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curlntlmcoremknthash internal function in the NTLM...
Slackware: Security Advisory (SSA:2018-249-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2717-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2715-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1090)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1047)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local
Summary Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-5435 DESCRIPTION: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVSS Base score: 7.3 CVSS Temporal Score: See:...
Scientific Linux Security Update : curl on SL7.x x86_64 (20190729)
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes : - curl: NTLM password overflow via integer overflow CVE-2018-14618 For more details about the security issues, including t...
Oracle Linux 7 : curl (ELSA-2019-1880)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1880 advisory. - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison...
curl security and bug fix update
7.29.0-51.0.1.el76.3 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked...
curl: An integer overflow found in /lib/urlapi.c
Summary: libcurl contains a heap-based buffer overrun in /lib/urlapi.c. A similiar issue to CVE-2018-14618. Steps To Reproduce: analysis I found a potential integer overflow which may lead to a buffer overrun in /curl/lib/urlapi.c. In function seturl, urllen was multiplied by 2 and then passed to...
openSUSE Security Update : curl (openSUSE-2019-694)
This update for curl fixes the following issues : This security issue was fixed : - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 This non-security issue was fixed : - Use OPENSSLconfig instead of CONFmodulesloadfile to avoid crashes due to openssl engines...
EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1047)
According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies t...
Fedora 29 : curl (2018-7f83032de6)
fix NTLM password overflow via integer overflow CVE-2018-14618 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 28 : curl (2018-111044d435)
fix NTLM password overflow via integer overflow CVE-2018-14618 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:2714-1)
This update for curl fixes the following issues : This security issue was fixed : CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the...
Amazon Linux 2 : curl (ALAS-2018-1135)
curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over...
Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...