Lucene search
K

8 matches found

OSV
OSV
added 2023/10/20 3:39 p.m.6 views

CLSA-2023-1697816385 curl: Fix of 2 CVEs

CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix read off end of array for SCP home directory case...

8.8CVSS6.8AI score0.02596EPSS
Exploits2References1
OSV
OSV
added 2023/04/24 3:0 p.m.11 views

CLSA-2023-1682348435 curl: Fix of CVE-2023-27534

CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix resolving SCP relative path...

8.8CVSS6.8AI score0.02195EPSS
Exploits1References1
OSV
OSV
added 2023/04/24 2:48 p.m.6 views

CLSA-2023-1682347721 curl: Fix of CVE-2023-27534

CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix resolving SCP relative path...

8.8CVSS6.8AI score0.02195EPSS
Exploits1References1
OSV
OSV
added 2023/03/30 8:15 p.m.4 views

AZL-34607 CVE-2023-27534 affecting package cmake for versions less than 3.28.2-1

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

8.8CVSS7AI score0.02195EPSS
Exploits1References1
OSV
OSV
added 2023/03/30 8:15 p.m.5 views

AZL-38611 CVE-2023-27534 affecting package tensorflow for versions less than 2.16.1-1

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

8.8CVSS7AI score0.02195EPSS
Exploits1References1
OSV
OSV
added 2023/03/20 12:30 p.m.6 views

USN-5964-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. CVE-2023-27533 Harry Sintonen discovered that curl incorrectly...

9.8CVSS6.8AI score0.02195EPSS
Exploits5References6
curl security advisories
curl security advisories
added 2023/03/20 8:0 a.m.8 views

SFTP path ~ resolving discrepancy

curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde character as the first path element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the once proposed to-become RFC...

8.8CVSS6.5AI score0.02195EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2023/03/20 12:0 a.m.3 views

UBUNTU-CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

8.8CVSS7.1AI score0.02195EPSS
Exploits1References4
Rows per page
Query Builder