CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-3236
https://notcve.org/view.php?id=CVE-2015-3236
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. cURL y libcurl 7.40.0 hasta la versión 7.42.1 mandan las credenciales de autenticación HTTP Basic de una conexión previa cuando se reutiliza en una conexión de reinicio (curl_easy_reset) usada para enviar una petición al mismo nombre de anfitrión, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://curl.haxx.se/docs/adv_20150617A.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/bid/75385 http://www.securityfocus.com/bid/91787 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 1%CPEs: 14EXPL: 0CVE-2015-3237
https://notcve.org/view.php?id=CVE-2015-3237
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. La función smb_request_state en cURL y libcurl 7.40.0 hasta 7.42.1 permite a servidores SMB remotos obtener información sensible de la memoria o causar una denegación de servicio (lectura fuera de rango y caída) a través de valores de longitud y desplazamiento manipulados. • http://curl.haxx.se/docs/adv_20150617B.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/75387 http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036371 https://h20566.www2.hpe.com&# • CWE-20: Improper Input Validation •