556 matches found
curl security and bug fix update
7.29.0-54.0.1 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked multiplication...
SUSE-SU-2019:1958-1 Security update for glibc
This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match bsc1127308. - CVE-2009-5155: Fixed a denial of service in parseregexp bsc1127223. Non-security issues fixed: -...
May 23, 2019—KB4499184 (Preview of Monthly Rollup)
May 23, 2019—KB4499184 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4499149released May 14, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an issue t...
Oracle Linux 6 / 7 : curl (ELSA-2019-4652)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4652 advisory. - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password compariso...
curl security update
7.29.0-51.0.1 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked multiplication...
CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...
CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...
DEBIAN-CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...
UBUNTU-CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...
CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...
CVE-2019-9169
In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Recent assessments: busterb at June 15, 2020 6:59pm UTC reported: A buffer overread in a very specific part of the...
curl: Case insensitive password comparison
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
curl: Case insensitive password comparison
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
Remote Security Bypass
libcurl.so is vulnerable to remote security bypass attacks. The vulnerability exists due to a flaw of case insensitive password comparisons such that an attacker with the correct case insensitive password would be authorized...
Default credentials
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
DEBIAN-CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
ALPINE-CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
CVE-2016-8616
CVE-2016-8616 affects curl prior to 7.51.0. When re-using a connection, curl performed case-insensitive comparisons of the username and password against existing connections, enabling an attacker who knows the case-insensitive form of the correct password to cause reuse of an unused connection wi...