9 matches found
TencentOS Server 3: git-lfs (TSSA-2026:0380)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0380 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CLSA-2026-1778175425 curl: Fix of 2 CVEs
CVE-2016-8624: invalid URL parsing with '' - CVE-2016-8623: use-after-free via shared cookies...
CVE-2025-69251 free5GC has Improper Input Validation in UDM, Leading to Information Exposure
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the ueId parameter, triggering internal URL parsing errors net/url:...
RHEL 5 : lynx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lynx: Invalid URL parsing of pages containing '?' CVE-2016-9179 Note that Nessus has not tested for this issue but...
curl security and bug fix update
7.29.0-57.0.1 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.htmlCVE-2019-5482Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitiv...
OWOX, Inc.: invalid URL parsing with and '@'
Description : invalid URL parsing with and '@' this can harm full for user Live POC : https://[email protected]...
Amazon Linux AMI : curl (ALAS-2016-766)
This build resolves the following issues : CVE-2016-8615 : Cookie injection for other servers CVE-2016-8616 : Case insensitive password comparison CVE-2016-8617 : Out-of-bounds write via unchecked multiplication CVE-2016-8618 : Double-free in curlmaprintf CVE-2016-8619 : Double-free in krb5 code...
CURL-CVE-2016-8624 invalid URL parsing with '#'
curl does not parse the authority component of the URL correctly when the host name part ends with a hash character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC to check for allowed...
cURL -- multiple vulnerabilities
The cURL project reports cookie injection for other servers case insensitive password comparison OOB write via unchecked multiplication double-free in curlmaprintf double-free in krb5 code glob parser write/read out of bounds curlgetdate read out of bounds URL unescape heap overflow via integer...