Количество 15
Количество 15
BDU:2023-02084
Уязвимость утилиты программной строки curl, связанная неправильной заменой символа тильды (~) при использовании в качестве префикса в первом элементе path, позволяющая нарушителю обойти фильтрацию или выполнить произвольный код
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
CVE-2023-27534
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ...
GHSA-4j25-c9rf-fp5f
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
ROS-20230406-21
Множественные уязвимости libcurl
ROS-20230406-01
Множественные уязвимости curl
ELSA-2023-6679
ELSA-2023-6679: curl security update (MODERATE)
SUSE-SU-2023:1582-1
Security update for curl
SUSE-SU-2023:0865-1
Security update for curl
SUSE-SU-2023:1711-1
Security update for curl
SUSE-SU-2023:2228-1
Security update for curl
SUSE-SU-2023:2226-1
Security update for curl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-02084 Уязвимость утилиты программной строки curl, связанная неправильной заменой символа тильды (~) при использовании в качестве префикса в первом элементе path, позволяющая нарушителю обойти фильтрацию или выполнить произвольный код | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-27534 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-27534 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-27534 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
 | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад | |
| CVE-2023-27534 A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ... | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
| GHSA-4j25-c9rf-fp5f A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
 | ROS-20230406-21 Множественные уязвимости libcurl | CVSS3: 3.7 | больше 2 лет назад | |
| ROS-20230406-01 Множественные уязвимости curl | CVSS3: 3.7 | больше 2 лет назад | |
| ELSA-2023-6679 ELSA-2023-6679: curl security update (MODERATE) | почти 2 года назад | ||
 | SUSE-SU-2023:1582-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:0865-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:1711-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2228-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2226-1 Security update for curl | больше 2 лет назад |
Уязвимостей на страницу