|
271381
|
5.9 |
MEDIUM
Network
|
haxx
|
curl
|
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an u…
|
CWE-255
Credentials Management
|
CVE-2016-8616
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271382
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookie…
|
-
|
CVE-2016-8615
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271383
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-8621
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271384
|
7.0 |
HIGH
Local
|
haxx
|
curl
|
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
|
-
|
CVE-2016-8617
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271385
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different ho…
|
-
|
CVE-2016-8624
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271386
|
9.8 |
CRITICAL
Network
|
haxx
|
libcurl
|
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than …
|
CWE-787
Out-of-bounds Write
|
CVE-2016-8622
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271387
|
9.8 |
CRITICAL
Network
|
haxx
|
curl
|
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
|
CWE-415
Double Free
|
CVE-2016-8618
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271388
|
7.5 |
HIGH
Network
|
redhat
|
ansible
|
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and i…
|
CWE-320
Key Management Errors
|
CVE-2016-8614
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271389
|
7.7 |
HIGH
Network
|
redhat
|
openshift
|
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect net…
|
-
|
CVE-2016-8631
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271390
|
9.1 |
CRITICAL
Network
|
redhat
|
ansible
|
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbit…
|
CWE-77
Command Injection
|
CVE-2016-8628
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|