CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8620 – curl: Glob parser write/read out of bounds
https://notcve.org/view.php?id=CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. La funcionalidad de "globbing" en curl en versiones anteriores a la 7.51.0 tiene un error que conduce a un desbordamiento de enteros y a una lectura fuera de límites mediante entradas controladas por el usuario. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94102 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2016-21 https://access.redhat.com/security/cve/CVE-2016-8620 https://bugzilla.redhat.com& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8621 – curl: curl_getdate out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-8621
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. La función "curl_getdate" en curl en versiones anteriores a la 7.51.0 es vulnerable a una lectura fuera de límites si recibe una entrada a la que le falta un dígito. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94101 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621 https://curl.haxx.se/CVE-2016-8621.patch https://curl.haxx.se/docs/adv_20161102G.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8623 – curl: Use-after-free via shared cookies
https://notcve.org/view.php?id=CVE-2016-8623
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. Se ha descubierto un problema en versiones anteriores a la 7.51.0 de curl. La forma en la que curl gestiona las cookies permite que otros hilos desencadenen un uso de memoria previamente liberada que conduce a una divulgación de información. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94106 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623 https://curl.haxx.se/CVE-2016-8623.patch https://curl.haxx.se/docs/adv_20161102I.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8624 – curl: Invalid URL parsing with '#'
https://notcve.org/view.php?id=CVE-2016-8624
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. curl en versiones anteriores a la 7.51.0 no analiza el componente authority de la URL correctamente cuando el nombre del host termina con un carácter "#" y podría conectarse a un host diferente. Esto podría tener implicaciones de seguridad si, por ejemplo, se emplea un analizador URL que sigue el RFC para buscar dominios permitidos antes de emplear curl para solicitarlos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94103 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624 https://curl.haxx.se/docs/adv_20161102J.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apac • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4802
https://notcve.org/view.php?id=CVE-2016-4802
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. Múltiples vulnerabilidades de búsqueda de ruta no confiable en cURL y libcurl en versiones anteriores a 7.49.1, cuando se construye con SSPI o telnet está habilitada, permiten a usuarios locales ejecutar código arbitrario y llevar a cabo ataques de secuestro DLL a través de un troyano (1) security.dll, (2) secur32.dll o (3) ws2_32.dll en la aplicación o directorio de trabajo actual. • http://www.securityfocus.com/bid/90997 http://www.securitytracker.com/id/1036008 https://curl.haxx.se/docs/adv_20160530.html • CWE-264: Permissions, Privileges, and Access Controls •