558 matches found
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
CVE-2016-8616
CVE-2016-8616 affects curl prior to 7.51.0. When re-using a connection, curl performed case-insensitive comparisons of the username and password against existing connections, enabling an attacker who knows the case-insensitive form of the correct password to cause reuse of an unused connection wi...
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
Information Exposure on Case Insensitive File Systems in serve
Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later...
GHSA-686G-3XR3-X4X6 Information Exposure on Case Insensitive File Systems in serve
Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later...
Information Exposure on Case Insensitive File Systems
Overview Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later. References - HackerOne Report - GitHub Advisory...
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...
CVE-2018-1000068
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitiv...
CVE-2018-1000068
CVE-2018-1000068 affects Jenkins core versions <= 2.106 and LTS
MGASA-2018-0053 Updated curl packages fix security vulnerability
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...
Updated perl packages fix security vulnerability
Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier CVE-2017-12837. Jakub Wilk reported a buffer over-read flaw in the regular...
F5 Networks BIG-IP : libcurl vulnerability (K52828640)
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
GHSA-4WW3-3RXJ-8V6Q actionpack allows remote attackers to bypass intended access restrictions
actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action...
CVE-2015-5070
The 1 filesystem::getwmllocation function in filesystem.cpp and 2 islegalfile function in filesystemboost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to...
Debian DSA-3982-1 : perl - security update
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-12837 Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a...
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
ALPINE-CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...