-rw-r--r--security/vuxml/vuln.xml48
1 files changed, 48 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 3f4a8e2361d2..f0f68f06cfd4 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,54 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="765feb7d-a0d1-11e6-a881-b499baebfeaf">
+ <topic>cURL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.1</ge><lt>7.51.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The cURL project reports</p>
+ <blockquote cite="https://curl.haxx.se/docs/security.html">
+ <ul>
+ <li>cookie injection for other servers</li>
+ <li>case insensitive password comparison</li>
+ <li>OOB write via unchecked multiplication</li>
+ <li>double-free in curl_maprintf</li>
+ <li>double-free in krb5 code</li>
+ <li>glob parser write/read out of bounds</li>
+ <li>curl_getdate read out of bounds</li>
+ <li>URL unescape heap overflow via integer truncation</li>
+ <li>Use-after-free via shared cookies</li>
+ <li>invalid URL parsing with '#'</li>
+ <li>IDNA 2003 makes curl use wrong host</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://curl.haxx.se/docs/security.html</url>
+ <cvename>CVE-2016-8615</cvename>
+ <cvename>CVE-2016-8616</cvename>
+ <cvename>CVE-2016-8617</cvename>
+ <cvename>CVE-2016-8618</cvename>
+ <cvename>CVE-2016-8619</cvename>
+ <cvename>CVE-2016-8620</cvename>
+ <cvename>CVE-2016-8621</cvename>
+ <cvename>CVE-2016-8622</cvename>
+ <cvename>CVE-2016-8623</cvename>
+ <cvename>CVE-2016-8624</cvename>
+ <cvename>CVE-2016-8625</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-02</discovery>
+ <entry>2016-11-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="0b8d01a4-a0d2-11e6-9ca2-d050996490d0">
<topic>BIND -- Remote Denial of Service vulnerability</topic>
<affects>
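Review bot: The `<affects>` block of the new cURL entry names only the `curl` package, although the checklist comment directly above `<vuxml>` says not to forget port variants; any other packaging of curl in the tree (a Linux-compat port, for example, if one exists) would not be flagged by package audits. If such ports exist, each needs its own `<package>` element with the version at which that port picked up the fix, e.g. `<package><name>VARIANT_PORT_NAME</name><range><lt>FIXED_VERSION</lt></range></package>` (placeholders, not real values). Separately, both the `cite` attribute and the `<url>` point at the advisory index page rather than the individual advisories, so the eleven list items cannot be matched to the eleven CVE names from the entry alone; linking the per-issue advisory pages would make that traceable. The new `<vuln>` element is complete within the hunk.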