16 matches found
CVE-2023-54203
The CVE-2023-54203 entry concerns the Linux kernel ksmbd subsystem fix for a slab-out-of-bounds in init_smb2_rsp_hdr triggered while handling SMB1 negotiate as SMB2 server operations. The described issue involves slab-out-of-bounds read (size 16) during SMB1 SMB2 response header processing, with ...
Linux Distros Unpatched Vulnerability : CVE-2023-52441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in initsmb2rsphdr If client send smb2 negotiate request and then se...
SUSE CVE-2024-26692
In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion to netfs in the 6.3 kernel caused a regression when maximum write size is set by the server to an unexpected value which is not a multip...
CVE-2024-26692 smb: Fix regression in writes when non-standard maximum write size negotiated
In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion to netfs in the 6.3 kernel caused a regression when maximum write size is set by the server to an unexpected value which is not a multip...
curl: TELNET option IAC injection
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1862)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ROS-20230406-01
A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory. element to specify a path relative to the...
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input thereby enabling attackers to execute arbitrary code on the system.
...
DEBIAN-CVE-2023-27533
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
ALPINE-CVE-2023-27533
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
SUSE CVE-2023-27533
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
CURL-CVE-2023-27533 TELNET option IAC injection
curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on username and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on username and telnet options ...
Internet Bug Bounty: CVE-2023-27533: TELNET option IAC injection
A vulnerability CVE-2023-27533 was found in curl versions 7.7 to 7.88.1 that allowed users to pass on user name and "telnet options" for server negotiation without proper input scrubbing, potentially allowing for the injection of unintended TELNET commands to the telnet connection. The severity o...
UBUNTU-CVE-2023-27533
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
CVE-2023-27533
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
Qemu: qemu-nbd crashes due to undefined I/O coroutine
An assertion-failure flaw was found in the Network Block Device NBD server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to...