
558 matches found

NVD
added 2018/08/01 6:29 a.m. | 24 views

CVE-2016-8616

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

CVSS 5.9 | AI score 6.5 | EPSS 0.03472
Exploits: 0 | References: 10

CVE
added 2018/08/01 6:0 a.m. | 196 views

CVE-2016-8616

CVE-2016-8616 affects curl prior to 7.51.0. When re-using a connection, curl performed case-insensitive comparisons of the username and password against existing connections, enabling an attacker who knows the case-insensitive form of the correct password to cause reuse of an unused connection wi...

CVSS 5.9 | AI score 7.3 | EPSS 0.03472
Exploits: 0 | References: 10 | Affected Software: 1

Debian CVE
added 2018/08/01 6:0 a.m. | 40 views

CVE-2016-8616

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

CVSS 5.9 | AI score 7.3 | EPSS 0.03472
Exploits: 0

Cvelist
added 2018/08/01 6:0 a.m. | 26 views

CVE-2016-8616

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

CVSS 3.7 | AI score 6.5 | EPSS 0.03472
Exploits: 0 | References: 10

AlpineLinux
added 2018/08/01 6:0 a.m. | 32 views

CVE-2016-8616

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

CVSS 5.9 | AI score 6.8 | EPSS 0.03472
Exploits: 0

Github Security Blog
added 2018/07/18 6:33 p.m. | 19 views

Information Exposure on Case Insensitive File Systems in serve

Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation: Update to version 7.0.0 or later...

CVSS 5.3 | AI score 2.9 | EPSS 0.01048
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2018/07/18 6:33 p.m. | 18 views

GHSA-686G-3XR3-X4X6 Information Exposure on Case Insensitive File Systems in serve

Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation: Update to version 7.0.0 or later...

CVSS 5.3 | AI score 5.1 | EPSS 0.01048
Exploits: 1 | References: 4

Node.js
added 2018/06/01 10:41 p.m. | 658 views

Information Exposure on Case Insensitive File Systems

Overview: Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation: Update to version 7.0.0 or later. References: HackerOne Report, GitHub Advisory...

CVSS 5 | AI score 2.6 | EPSS 0.01048
Exploits: 1 | Affected Software: 1

NVD
added 2018/03/07 2:29 p.m. | 42 views

CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execution. This attack appears to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

CVSS 9.3 | AI score 9.1 | EPSS 0.02441
Exploits: 0 | References: 2

Cvelist
added 2018/03/07 2:0 p.m. | 41 views

CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execution. This attack appears to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

AI score 9.1 | EPSS 0.02441
Exploits: 0 | References: 2

UbuntuCve
added 2018/02/16 12:29 a.m. | 27 views

CVE-2018-1000068

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitiv...

CVSS 5.3 | AI score 6.4 | EPSS 0.0197
Exploits: 0 | References: 2

CVE
added 2018/02/16 12:0 a.m. | 110 views

CVE-2018-1000068

CVE-2018-1000068 affects Jenkins core versions <= 2.106 and LTS

CVSS 5.3 | AI score 5.2 | EPSS 0.0197
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/01/03 4:40 p.m. | 13 views

MGASA-2018-0053 Updated curl packages fix security vulnerability

If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...

CVSS 9.8 | AI score 7 | EPSS 0.11175
Exploits: 0 | References: 20

Mageia
added 2018/01/03 3:50 p.m. | 41 views

Updated perl packages fix security vulnerability

Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier (CVE-2017-12837). Jakub Wilk reported a buffer over-read flaw in the regular...

CVSS 9.1 | AI score 3.8 | EPSS 0.06207
Exploits: 0 | References: 2

Tenable Nessus
added 2017/12/26 12:0 a.m. | 26 views

F5 Networks BIG-IP : libcurl vulnerability (K52828640)

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

CVSS 5.9 | AI score 6.7 | EPSS 0.03472
Exploits: 0 | References: 2

OSV
added 2017/10/24 6:33 p.m. | 28 views

GHSA-4WW3-3RXJ-8V6Q actionpack allows remote attackers to bypass intended access restrictions

actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action...

CVSS 7.5 | AI score 6.2 | EPSS 0.02498
Exploits: 1 | References: 8

ATTACKERKB
added 2017/09/26 2:29 p.m. | 3 views

CVE-2015-5070

The (1) filesystem::getwmllocation function in filesystem.cpp and (2) islegalfile function in filesystemboost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to...

CVSS 4.3 | AI score 5.6 | EPSS 0.01715
Exploits: 0 | References: 11

Tenable Nessus
added 2017/09/22 12:0 a.m. | 53 views

Debian DSA-3982-1 : perl - security update

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2017-12837 Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a...

CVSS 9.1 | AI score 7.1 | EPSS 0.06207
Exploits: 0 | References: 9

ATTACKERKB
added 2017/09/19 6:29 p.m. | 4 views

CVE-2017-12837

Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N' escape and the case-insensitive modifier...

CVSS 7.5 | AI score 5.9 | EPSS 0.06207
Exploits: 0 | References: 11

OSV
added 2017/09/19 6:29 p.m. | 3 views

ALPINE-CVE-2017-12837

Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N' escape and the case-insensitive modifier...

CVSS 7.5 | AI score 7.3 | EPSS 0.06207
Exploits: 0 | References: 1