207 matches found
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
Design/Logic Flaw
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
CVE-2022-27780
CVE-2022-27780 affects curl: the URL parser can wrongly decode percent-encoded separators in the host portion, causing a URL like http://example.com%2F127.0.0.1/ to be interpreted as http://example.com/127.0.0.1/, potentially bypassing filters. Affected software is curl (core library). The flaw’s...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
Cross-site Scripting (XSS)
curl is vulnerable to cross-site scripting. The vulnerability exists due to the curl URL parser wrongly accepts percent-encoded URL separators like / when decoding the host name part of a URL which allows an attacker to inject and execute arbitrary javascript...
FreeBSD : curl -- Multiple vulnerabilities (11e36890-d28c-11ec-a06f-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 11e36890-d28c-11ec-a06f-d4c9ef517024 advisory. - Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an...
CURL-CVE-2022-27780 percent-encoded path separator in URL host
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved. For example, a URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get...
curl 代码问题漏洞
curl is a tool used to transfer data from or to a server. A code issue vulnerability exists in curl, which arises from the URL parser incorrectly accepting percentage-encoded URL separators when decoding the hostname portion of a URL...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-131-01)
The version of curl installed on the remote host is prior to 7.83.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-131-01 advisory. - libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5412-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5412-1 advisory. Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this iss...
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Leading control characters in a URL are not stripped when passed into url-parse. This can cause input URLs to be mistakenly be interpreted as a relative URL without a hostname and protocol, while the WHATWG URL parser will trim control characters and treat it as an absolute URL. If url-parse is...
Netgear RAX43 缓冲区错误漏洞
The Netgear RAX43 is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...
OPENSUSE-SU-2021:1592-1 Security update for nim
This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712 This update was imported from the openSUSE:Leap:15.2:Update update project...
Security update for nim (moderate)
openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2021:1592-1 Rating: moderate References: 1192712 Cross-References: CVE-2021-41259 CVSS scores: CVE-2021-41259 NVD : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: openSUSE Backports SLE-15-SP2 An...
Security update for nim (moderate)
openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2021:1585-1 Rating: moderate References: 1192712 Cross-References: CVE-2021-41259 CVSS scores: CVE-2021-41259 NVD : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: openSUSE Leap 15.2 An update that...
OPENSUSE-SU-2021:1585-1 Security update for nim
This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712...