19 matches found
OPENSUSE-SU-2026:20038-1 Security update for wget2
This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in getlocalfilenamereal CVE-2025-69195 bsc1255729 Fix a redirect/mirror regression from 400713ca Use the local...
Security update for wget2 (important)
openSUSE Security Update: Security update for wget2 Announcement ID: openSUSE-SU-2026:0010-1 Rating: important References: 1255728 1255729 Cross-References: CVE-2025-69194 CVE-2025-69195 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes two vulnerabilities is now available...
Siemens SIMATIC S7-1500 Use of Incorrectly-Resolved Name or Reference (CVE-2022-27778)
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
SUSE CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
...
AZL-9876 CVE-2022-27778 affecting package curl for versions less than 7.83.1-1
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
ALPINE-CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
DEBIAN-CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
Code injection
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
CVE-2022-27778
CVE-2022-27778 is a vulnerability in curl/libcurl described as an “use of incorrectly resolved name” that may cause removal of the wrong file when using --no-clobber with --remove-on-error. Connected advisories confirm the issue exists in curl up to version 7.83.0 and is fixed in 7.83.1. Articles...
The vulnerability lies in the implementation of the --no-clobber and --remove-on-error options in the cURL command-line utility, which allow a malicious user to delete any files they desire.
The vulnerability of the --no-clobber and --remove-on-error command-line utilities of cURL is related to the use of incorrect path names. Exploiting this vulnerability could allow a remote attacker to delete any files they desire...
ROS-20220524-21
The cURL command-line utility vulnerability is related to a bug in the HSTS implementation that could allow curl to continue using the HTTP protocol instead of HTTPS if the hostname in the specified URL used an endpoint but did not use it when building the HSTS cache. Exploitation of the...
CURL-CVE-2022-27778 curl removes wrong file on error
curl might remove the wrong file when --no-clobber is used together with --remove-on-error. The --remove-on-error option tells curl to remove the output file when it returns an error, and not leave a partial file behind. The --no-clobber option prevents curl from overwriting a file if it already...
curl removes wrong file on error
curl might remove the wrong file when --no-clobber is used together with --remove-on-error. The --remove-on-error option tells curl to remove the output file when it returns an error, and not leave a partial file behind. The --no-clobber option prevents curl from overwriting a file if it already...
Internet Bug Bounty: CVE-2022-27778: curl removes wrong file on error
Summary: Curl command has a logic flaw that results in removal of a wrong file when combining --no-clobber and --remove-on-error if the target file name exists and an error occurs. Steps To Reproduce: 1. echo "important file" foo 2. echo -ne "HTTP/1.1 200 OK\r\nContent-Length: 666\r\n\r\nHello\n"...
curl 安全漏洞
curl is a tool for transferring data from or to a server. A security vulnerability exists in curl version 7.83.0, which stems from the possibility that the curl command-line tool may mistakenly delete files when --no-clobber is used in conjunction with --remove-on-error. A remote attacker can use...