
557 matches found

Cvelist
added 2017/09/19 6:0 p.m., 32 views

CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N' escape and the case-insensitive modifier...

7.2 AI score, 0.06207 EPSS
Exploits: 0, References: 9
Debian CVE
added 2017/09/19 6:0 p.m., 36 views

CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N' escape and the case-insensitive modifier...

7.5 CVSS, 8.4 AI score, 0.06207 EPSS
Exploits: 0
Tenable Nessus
added 2017/06/28 12:0 a.m., 40 views

SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2017:1705-1)

This update for freeradius-server fixes the following issues: Security issue fixed : - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. bsc1041445 Non security issue fixed : - Fix case insensitive matching in compiled regular expressions bsc1027243 Note...

9.8 CVSS, 7.9 AI score, 0.03914 EPSS
Exploits: 0, References: 5
OSV
added 2017/06/27 3:19 p.m., 3 views

SUSE-SU-2017:1705-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: Security issue fixed: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. bsc1041445 Non security issue fixed: - Fix case insensitive matching in compiled regular expressions bsc1027243...

9.8 CVSS, 9.6 AI score, 0.03914 EPSS
Exploits: 0, References: 4
Exploit DB
added 2017/01/26 12:0 a.m., 46 views

PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload

Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: ==================== HTTPUpload v1.0.0b3 Download:...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2016/12/09 12:0 a.m., 15 views

cURL/libcurl 7.x < 7.51.0 Multiple Vulnerabilities

Binary data 9826.prm...

9.8 CVSS, 7.3 AI score, 0.05915 EPSS
Exploits: 0, References: 12
OSV
added 2016/11/17 12:0 a.m., 45 views

DLA-711-1 curl - security update

Bulletin has no description...

9.8 CVSS, 7.9 AI score, 0.05915 EPSS
Exploits: 0
Tenable Nessus
added 2016/11/11 12:0 a.m., 62 views

Amazon Linux AMI : curl (ALAS-2016-766)

This build resolves the following issues : CVE-2016-8615 : Cookie injection for other servers CVE-2016-8616 : Case insensitive password comparison CVE-2016-8617 : Out-of-bounds write via unchecked multiplication CVE-2016-8618 : Double-free in curl_maprintf CVE-2016-8619 : Double-free in krb5 code...

9.8 CVSS, 7 AI score, 0.05915 EPSS
Exploits: 0, References: 11
Tenable Nessus
added 2016/11/07 12:0 a.m., 51 views

Debian DSA-3705-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. - CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case...

9.8 CVSS, 7.3 AI score, 0.05915 EPSS
Exploits: 0, References: 22
Debian
added 2016/11/03 11:7 p.m., 43 views

[SECURITY] [DSA 3705-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3705-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 03, 2016 https://www.debian.org/security/faq -...

9.8 CVSS, 9.2 AI score, 0.05915 EPSS
Exploits: 0
OpenVAS
added 2016/11/03 12:0 a.m., 42 views

Debian Security Advisory DSA 3705-1 (curl - security update)

Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case insensitive...

0.6 AI score, 0.05915 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2016/11/02 8:47 a.m., 42 views

CVE-2016-8616

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

5.9 CVSS, 4.1 AI score, 0.03472 EPSS
Exploits: 0, References: 2
curl security advisories
added 2016/11/02 8:0 a.m., 4 views

case insensitive password comparison

When reusing a connection, curl was doing case insensitive comparisons of username and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be...

5.9 CVSS, 6.8 AI score, 0.03472 EPSS
Exploits: 0, Affected Software: 2
OSV
added 2016/11/02 8:0 a.m., 7 views

CURL-CVE-2016-8616 case insensitive password comparison

When reusing a connection, curl was doing case insensitive comparisons of username and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be...

5.9 CVSS, 7.2 AI score, 0.03472 EPSS
Exploits: 0
ALT Linux
added 2016/11/02 12:0 a.m., 54 views

Security fix for the ALT Linux 8 package curl version 7.51.0-alt1

Nov. 2, 2016 Anton Farygin 7.51.0-alt1 - new version with security fixes: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-fr...

7.5 CVSS, 8 AI score, 0.05915 EPSS
Exploits: 0
UbuntuCve
added 2016/11/02 12:0 a.m., 25 views

CVE-2016-8616

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

5.9 CVSS, 6.7 AI score, 0.03472 EPSS
Exploits: 0, References: 3
OSV
added 2016/11/02 12:0 a.m., 3 views

UBUNTU-CVE-2016-8616

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

5.9 CVSS, 6.6 AI score, 0.03472 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2016/03/17 12:0 a.m., 32 views

Ubuntu 14.04 LTS : PAM vulnerabilities (USN-2935-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2935-1 advisory. It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possib...

6.5 CVSS, 6.7 AI score, 0.04087 EPSS
Exploits: 3, References: 4
OpenVAS
added 2016/03/17 12:0 a.m., 32 views

Ubuntu: Security Advisory (USN-2935-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS, 7 AI score, 0.04087 EPSS
Exploits: 3, References: 3
RedHat Linux
added 2016/03/02 5:16 p.m., 6 views

postgresql: case insensitive range handling integer overflow leading to buffer overflow

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code...

7.5 CVSS, 7.9 AI score, 0.06948 EPSS
Exploits: 0, References: 4