557 matches found
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2017:1705-1)
This update for freeradius-server fixes the following issues: Security issue fixed : - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. bsc1041445 Non security issue fixed : - Fix case insensitive matching in compiled regular expressions bsc1027243 Note...
SUSE-SU-2017:1705-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: Security issue fixed: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. bsc1041445 Non security issue fixed: - Fix case insensitive matching in compiled regular expressions bsc1027243...
PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload
Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: ==================== HTTPUpload v1.0.0b3 Download:...
cURL/libcurl 7.x < 7.51.0 Multiple Vulnerabilities
Binary data 9826.prm...
DLA-711-1 curl - security update
Bulletin has no description...
Amazon Linux AMI : curl (ALAS-2016-766)
This build resolves the following issues : CVE-2016-8615 : Cookie injection for other servers CVE-2016-8616 : Case insensitive password comparison CVE-2016-8617 : Out-of-bounds write via unchecked multiplication CVE-2016-8618 : Double-free in curlmaprintf CVE-2016-8619 : Double-free in krb5 code...
Debian DSA-3705-1 : curl - security update
Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. - CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case...
[SECURITY] [DSA 3705-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3705-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 03, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3705-1 (curl - security update)
Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case insensitive...
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
case insensitive password comparison
When reusing a connection, curl was doing case insensitive comparisons of username and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be...
CURL-CVE-2016-8616 case insensitive password comparison
When reusing a connection, curl was doing case insensitive comparisons of username and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be...
Security fix for the ALT Linux 8 package curl version 7.51.0-alt1
Nov. 2, 2016 Anton Farygin 7.51.0-alt1 - new version with security fixes: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curlmaprintf CVE-2016-8619: double-fr...
CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
UBUNTU-CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...
Ubuntu 14.04 LTS : PAM vulnerabilities (USN-2935-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2935-1 advisory. It was discovered that the PAM pamuserdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possib...
Ubuntu: Security Advisory (USN-2935-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
postgresql: case insensitive range handling integer overflow leading to buffer overflow
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code...