21 matches found
Debian DLA-2664-1 : curl security update
Viktor Szakats reported that libcurl, an URL transfer library, does not strip off user credentials from the URL when automatically populating the Referer HTTP request header field in outgoing HTTP requests. Sensitive authentication data may leak to the server that is the target of the second HTTP...
Debian: Security Advisory (DSA-4386-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4331-1 : curl - security update
Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit sizet, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated...
Debian: Security Advisory (DSA-4098-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4051-1 : curl - security update
Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. -...
DSA-3705-1 curl - security update
Bulletin has no description...
Debian Security Advisory DSA 3455-1 (curl - security update)
Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection...
Debian Security Advisory DSA 3240-1 (curl - security update)
It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information. OpenVAS Vulnerability Test $Id: deb3240.nasl 6609...
DLA-134-1 curl - security update
Bulletin has no description...
Debian DSA-3122-1 : curl - security update
Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in...
[SECURITY] [DSA 3122-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3122-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 08, 2015 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3122-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3022-1] curl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3022-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 10, 2014 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3022-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2902-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2902-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 13, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2902-1 (curl - security update)
Two vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0138 Steve Holme discovered that libcurl can in some circumstances re-use the wrong connection when asked to do transfers using...
Debian: Security Advisory (DSA-2902-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-2660-1 curl - cookie leak vulnerability
Bulletin has no description...
Debian: Security Advisory (DSA-2398-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 2398-1 (curl)
The remote host is missing an update to curl announced via advisory DSA 2398-1. OpenVAS Vulnerability Test $Id: deb23981.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2398-1 curl Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...