9 matches found
SUSE CVE-2014-1723
The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text...
Slackware: Security Advisory (SSA:2016-308-01)
The remote host is missing an update for the...
curl security and bug fix update
7.29.0-57.0.1 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitiv...
curl: URL unescape heap overflow via integer truncation
The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get...
curl: URL unescape heap overflow via integer truncation
The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get...
Amazon Linux AMI : curl (ALAS-2016-766)
This build resolves the following issues: CVE-2016-8615: Cookie injection for other servers; CVE-2016-8616: Case insensitive password comparison; CVE-2016-8617: Out-of-bounds write via unchecked multiplication; CVE-2016-8618: Double-free in curl_maprintf; CVE-2016-8619: Double-free in krb5 code...
Security fix for the ALT Linux 8 package curl version 7.51.0-alt1
Nov. 2, 2016 Anton Farygin 7.51.0-alt1 - new version with security fixes: CVE-2016-8615: cookie injection for other servers; CVE-2016-8616: case insensitive password comparison; CVE-2016-8617: OOB write via unchecked multiplication; CVE-2016-8618: double-free in curl_maprintf; CVE-2016-8619: double-fr...
cURL -- multiple vulnerabilities
The cURL project reports: cookie injection for other servers; case insensitive password comparison; OOB write via unchecked multiplication; double-free in curl_maprintf; double-free in krb5 code; glob parser write/read out of bounds; curl_getdate read out of bounds; URL unescape heap overflow via integer...
RHEL 4 : HelixPlayer (RHSA-2010:0094)
The remote Red Hat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2010:0094 advisory. - HelixPlayer / RealPlayer: GIF file heap overflow (CVE-2009-4242) - HelixPlayer / RealPlayer: compressed GIF heap overflow (CVE-2009-4245) -...