12 matches found
CLSA-2026-1778175425 curl: Fix of 2 CVEs
CVE-2016-8624: invalid URL parsing with '' - CVE-2016-8623: use-after-free via shared cookies...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
Pannellum has a XSS vulnerability in hot spot attributes
Impact: The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
curl security and bug fix update
7.29.0-57.0.1 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitiv...
curl: Use-after-free via shared cookies
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure...
curl: Use-after-free via shared cookies
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure...
CVE-2017-2589
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store. Cookies are stored locally and are not passed between the client and the end URL, which means all clients using that proxy are sharing the same cookies...
CVE-2017-2589
The vulnerability CVE-2017-2589 affects hawtio servlet 1.4, where a single HttpClient instance proxies requests with a persistent cookie store, causing cookies to be stored locally and shared across all proxy clients. As a result, all users of the proxy share the same cookies, potentially exposin...
hawtio: Proxy is sharing cookies among all the clients
It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store. Cookies are stored locally and are not passed between the client and the end URL, which means all clients using that proxy are sharing the same cookies...
Ubuntu 14.04 LTS / 16.04 LTS : curl vulnerabilities (USN-3123-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3123-1 advisory. It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to...
USN-3123-1: curl vulnerabilities
It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote...
CURL-CVE-2016-8623 Use after free via shared cookies
libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads. When cookies to be sent to a server are collected, the matching function collects all cookies to send and the cookie lock is released immediately afterwards. That...