Page 11 of 113 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. curl versiones 7.20.0 hasta 7.70.0, es vulnerable a una restricción inapropiada de nombres para archivos y otros recursos que pueden conllevar a sobrescribir demasiado un archivo local cuando el flag -J es usado A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is to file integrity. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2020-8177.html https://hackerone.com/reports/887462 https://www.debian.org/security/2021/dsa-4881 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-8177 https://bugzilla.redhat.com/show_bug.cgi?id=1847915 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Curl versiones anteriores a 7.49.1, en Apple OS X macOS Sierra versiones anteriores a 10.12, permite a atacantes remotos o locales ejecutar código arbitrario, conseguir información confidencial, causar condición de denegación de servicio (DoS), omitir las restricciones de seguridad y llevar a cabo acciones no autorizadas. Esto puede ayudar en otros ataques. • http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html •

CVSS: 9.8EPSS: 9%CPEs: 30EXPL: 0

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Un desbordamiento del búfer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5482.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Vulnerabilidad de doble liberación en el código FTP-kerberos en cURL versiones 7.52.0 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5481.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-415: Double Free CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. Un usuario o programa no privilegiado puede colocar un código y un archivo de configuración en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que hará que curl anterior a versión 7.65.1 incluyéndola, ejecute automáticamente el código en la invocación (como un "engine" openssl). Si ese curl es invocado por un usuario privilegiado, este puede hacer lo que desee. • http://www.openwall.com/lists/oss-security/2019/06/24/1 http://www.securityfocus.com/bid/108881 https://curl.haxx.se/docs/CVE-2019-5443.html https://security.netapp.com/advisory/ntap-20191017-0002 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •