VYPR

rpm package

opensuse/curl&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweed

Vulnerabilities (151)

  • CVE-2021-22890Apr 1, 2021
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as

  • CVE-2021-22876Apr 1, 2021
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP

  • CVE-2021-22298Feb 6, 2021
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions i

  • CVE-2020-8285HigDec 14, 2020
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2020-8284LowDec 14, 2020
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanni

  • CVE-2020-8169Dec 14, 2020
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

  • CVE-2020-8286Dec 14, 2020
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

  • CVE-2020-8231Dec 14, 2020
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

  • CVE-2019-5482CriSep 16, 2019
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

  • CVE-2019-5481CriSep 16, 2019
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

  • CVE-2019-5436HigMay 28, 2019
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

  • CVE-2019-5435May 28, 2019
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

  • CVE-2019-3823Feb 6, 2019
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5,

  • CVE-2019-3822Feb 6, 2019
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received

  • CVE-2018-16890Feb 6, 2019
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulne

  • CVE-2018-16842Oct 31, 2018
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

  • CVE-2018-16840Oct 31, 2018
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and mi

  • CVE-2018-16839Oct 31, 2018
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

  • CVE-2018-14618Sep 5, 2018
    affected < 7.79.1-1.1fixed 7.79.1-1.1

    curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length va

  • CVE-2016-8625Aug 1, 2018
    affected < 7.51.0-1.1fixed 7.51.0-1.1

    curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

Page 5 of 8