Siemens SIMATIC S7-1500 Use of Incorrectly-Resolved Name or Reference (CVE-2022-27778)

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

SUSE CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

...

AZL-9876 CVE-2022-27778 affecting package curl for versions less than 7.83.1-1

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

ALPINE-CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

DEBIAN-CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

Code injection

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

CVE-2022-27778

CVE-2022-27778 is a vulnerability in curl/libcurl described as an “use of incorrectly resolved name” that may cause removal of the wrong file when using --no-clobber with --remove-on-error. Connected advisories confirm the issue exists in curl up to version 7.83.0 and is fixed in 7.83.1. Articles...

The vulnerability lies in the implementation of the --no-clobber and --remove-on-error options in the cURL command-line utility, which allow a malicious user to delete any files they desire.

The vulnerability of the --no-clobber and --remove-on-error command-line utilities of cURL is related to the use of incorrect path names. Exploiting this vulnerability could allow a remote attacker to delete any files they desire...

CURL-CVE-2022-27778 curl removes wrong file on error

curl might remove the wrong file when --no-clobber is used together with --remove-on-error. The --remove-on-error option tells curl to remove the output file when it returns an error, and not leave a partial file behind. The --no-clobber option prevents curl from overwriting a file if it already...

curl removes wrong file on error

curl might remove the wrong file when --no-clobber is used together with --remove-on-error. The --remove-on-error option tells curl to remove the output file when it returns an error, and not leave a partial file behind. The --no-clobber option prevents curl from overwriting a file if it already...

Internet Bug Bounty: CVE-2022-27778: curl removes wrong file on error

Summary: Curl command has a logic flaw that results in removal of a wrong file when combining --no-clobber and --remove-on-error if the target file name exists and an error occurs. Steps To Reproduce: 1. echo "important file" foo 2. echo -ne "HTTP/1.1 200 OK\r\nContent-Length: 666\r\n\r\nHello\n"...

curl 安全漏洞

curl is a tool for transferring data from or to a server. A security vulnerability exists in curl version 7.83.0, which stems from the possibility that the curl command-line tool may mistakenly delete files when --no-clobber is used in conjunction with --remove-on-error. A remote attacker can use...