VYPR

Vendor CVEs

Curl

All CVEs

184 total · sorted by risk
  • CVE-2021-22890Apr 1, 2021
    risk 0.00cvss epss 0.03

    curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as…

  • CVE-2021-22876Apr 1, 2021
    risk 0.00cvss epss 0.05

    curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP…

  • CVE-2020-8169Dec 14, 2020
    risk 0.00cvss epss 0.03

    curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

  • CVE-2020-8286Dec 14, 2020
    risk 0.00cvss epss 0.05

    curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

  • CVE-2020-8231Dec 14, 2020
    risk 0.00cvss epss 0.04

    Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

  • CVE-2016-4606Feb 21, 2020
    risk 0.00cvss epss 0.03

    Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other…

  • CVE-2019-5443Jul 2, 2019
    risk 0.00cvss epss 0.01

    A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything…

  • CVE-2019-5435May 28, 2019
    risk 0.00cvss epss 0.05

    An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

  • CVE-2018-16890Feb 6, 2019
    risk 0.00cvss epss 0.05

    libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow…

  • CVE-2018-16842Oct 31, 2018
    risk 0.00cvss epss 0.02

    Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

  • CVE-2018-16839Oct 31, 2018
    risk 0.00cvss epss 0.06

    Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

  • CVE-2018-16840Oct 31, 2018
    risk 0.00cvss epss 0.03

    A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and…

  • CVE-2018-1000005CriJan 24, 2018
    risk 0.00cvss 9.1epss 0.05

    libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The…

  • CVE-2014-8151Jan 15, 2015
    risk 0.00cvss epss 0.01

    The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows…

  • CVE-2014-3620Nov 18, 2014
    risk 0.00cvss epss 0.05

    cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

  • CVE-2014-3707Nov 15, 2014
    risk 0.00cvss epss 0.05

    The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory…

  • CVE-2014-2522Apr 18, 2014
    risk 0.00cvss epss 0.03

    curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that…

  • CVE-2014-0139Apr 15, 2014
    risk 0.00cvss epss 0.05

    cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via…

  • CVE-2014-0138Apr 15, 2014
    risk 0.00cvss epss 0.05

    The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a…

  • CVE-2014-1263Feb 27, 2014
    risk 0.00cvss epss 0.03

    curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509…

  • CVE-2014-0015Feb 2, 2014
    risk 0.00cvss epss 0.06

    cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

  • CVE-2013-6422Dec 23, 2013
    risk 0.00cvss epss 0.03

    The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct…

  • CVE-2013-4545Nov 23, 2013
    risk 0.00cvss epss 0.03

    cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof…

  • CVE-2013-2174Jul 31, 2013
    risk 0.00cvss epss 0.11

    Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent)…

  • CVE-2013-1944Apr 29, 2013
    risk 0.00cvss epss 0.05

    The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

  • CVE-2012-0036Apr 13, 2012
    risk 0.00cvss epss 0.17

    curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or…

  • CVE-2011-2192Jul 7, 2011
    risk 0.00cvss epss 0.03

    The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

  • CVE-2010-3842Oct 28, 2010
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP…

  • CVE-2010-0734Mar 19, 2010
    risk 0.00cvss epss 0.04

    content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or…

  • CVE-2009-2417Aug 14, 2009
    risk 0.00cvss epss 0.04

    lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a…

  • CVE-2007-3564Jul 18, 2007
    risk 0.00cvss epss 0.02

    libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.

  • CVE-2006-1061Mar 21, 2006
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.

  • CVE-2005-4077Dec 8, 2005
    risk 0.00cvss epss 0.01

    Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte…

  • CVE-2005-3185Oct 13, 2005
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

Page 4 of 4