Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Exim vulnerabilities (USN-8382-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8382-1 advisory. Timo Longin discovered that Exim incorrectly handled certain SMTP messages in PIPELINING/CHUNKING configurations. A...

USN-8382-1 exim4 vulnerabilities

Timo Longin discovered that Exim incorrectly handled certain SMTP messages in PIPELINING/CHUNKING configurations. A remote attacker could possibly use this issue to perform SMTP smuggling. This issue only affected Ubuntu 14.04 LTS. CVE-2023-51766 It was discovered that Exim incorrectly handled...

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that stems from the incorrect reuse of existing HTTP proxy connections, which may lead to errors in processing new requests with different credentials...

Authentication Bypass

libcurl.so is vulnerable to authentication bypass. Insecure re-use of NTLM-authenticated proxy connections allow an attacker to authenticate as other users via a malicious request...

EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1696)

According to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy...

openSUSE Security Update : curl (openSUSE-2016-153)

This update for curl fixes the following issues : - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer bsc962983 The following tracked bugs only affect the te...

Mageia: Security Advisory (MGASA-2016-0050)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : curl (openSUSE-2016-152)

This update for curl fixes the following issues : - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer bsc962983 The following non-security bugs were fixed : ...

SUSE SLED11 / SLES11 Security Update : curl (SUSE-SU-2016:0347-1)

This update for curl fixes the following issues : - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer bsc962983 The update package also includes non-security...

MGASA-2016-0050 Updated curl packages fix security vulnerability

libcurl before 7.47.0 will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. The effect of this flaw is that the application could be reusing a proxy connection using the previously use...

curl: authentication bypass

A vulnerability was found in a way libcurl uses NTLM-authenticated proxy connections. Libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Since NTLM-based authentication is...

CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...

CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...

Design/Logic Flaw

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...

CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...

FreeBSD : curl -- Credentials not checked (8b27f1bc-c509-11e5-a95f-b499baebfeaf)

The cURL project reports : libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)

Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10...