7 matches found
Astra Linux – Vulnerability in curl
When the curl command is used to retrieve content using the Metalink feature, and a user name and password are used to download the Metalink XML file, those same credentials are then passed to each server from which the curl command will attempt to download or retrieve the content. This often...
SUSE CVE-2021-22923
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...
When curl is instructed to get content using the metalink feature and a user name and password are used to download the metalink XML file those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
...
AZL-6362 CVE-2021-22923 affecting package curl for versions less than 7.76.0-5
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...
ALPINE-CVE-2021-22923
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...
StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group a.k.a. Promethium is operating a...
CCleanup: A Vast Number of Machines at Risk
This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig WilliamsUpdate 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affectedUpdate 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and...