Search for packages
| purl | pkg:deb/debian/curl@7.38.0-4 |
| Next non-vulnerable version | 7.88.1-10+deb12u7 |
| Latest non-vulnerable version | 8.18.0-2 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1k8f-qgcv-xkhb
Aliases: CVE-2022-27782 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-1mf9-u8y1-zbb1
Aliases: CVE-2017-1000101 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow attackers to bypass intended restrictions. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-26ju-84rx-c7b9
Aliases: CVE-2017-7407 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow attackers to bypass intended restrictions. |
Affected by 67 other vulnerabilities. |
|
VCID-29n1-4u2b-tkgj
Aliases: CVE-2018-16842 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-2b39-ubrt-hkc6
Aliases: CVE-2019-5436 |
Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution. |
Affected by 43 other vulnerabilities. |
|
VCID-2xmp-jc8v-bucb
Aliases: CVE-2022-35252 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-36n6-qanf-nue8
Aliases: CVE-2017-7468 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow attackers to bypass intended restrictions. |
Affected by 67 other vulnerabilities. |
|
VCID-3sy2-4f3g-zkac
Aliases: CVE-2022-27774 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-47qb-2qkw-1qej
Aliases: CVE-2023-28321 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-5jan-pqf6-fyhr
Aliases: CVE-2016-8622 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-5n7a-9j23-e7dj
Aliases: CVE-2018-16839 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-6muy-xpdq-9kg8
Aliases: CVE-2016-8616 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-6yb7-t8qs-cbch
Aliases: CVE-2018-1000007 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-75nw-4e2d-zqgg
Aliases: CVE-2024-7264 |
curl: libcurl: ASN.1 date parser overread |
Affected by 20 other vulnerabilities. |
|
VCID-79sv-kzb5-hbc4
Aliases: CVE-2019-3822 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-7c8e-eaqy-akeu
Aliases: CVE-2015-3153 |
security update |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-7srk-hshe-h3f4
Aliases: CVE-2023-27538 |
Improper Authentication An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. |
Affected by 20 other vulnerabilities. |
|
VCID-7vt9-pf5q-uqb6
Aliases: CVE-2018-1000301 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-7xxh-66ys-4bhw
Aliases: CVE-2016-5419 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-9cbd-x468-rkaw
Aliases: CVE-2018-16840 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 43 other vulnerabilities. |
|
VCID-9ggp-5wfj-ufcq
Aliases: CVE-2022-43552 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-9nak-pscy-e7gs
Aliases: CVE-2022-32221 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-a3v7-ptf1-6qgd
Aliases: CVE-2016-7141 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-ac6r-spds-qbf5
Aliases: CVE-2019-5435 |
Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution. |
Affected by 43 other vulnerabilities. |
|
VCID-ae59-w7a1-7keg
Aliases: CVE-2017-1000254 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-arjz-67yz-wkg9
Aliases: CVE-2023-27533 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-b2ef-zj3u-rbhy
Aliases: CVE-2016-0755 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-bb2f-7qrm-1kca
Aliases: CVE-2022-27781 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-bdy2-8gub-tfe6
Aliases: CVE-2021-22945 |
Double Free When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. |
Affected by 20 other vulnerabilities. |
|
VCID-bgtv-jrna-9yb3
Aliases: CVE-2016-5421 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-bhvd-ntxz-dkg4
Aliases: CVE-2017-8816 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-bv57-gvfs-qfhj
Aliases: CVE-2018-1000121 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-c6dk-7gj6-7far
Aliases: CVE-2016-8623 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-cbah-e86c-w3fj
Aliases: CVE-2023-27535 |
Improper Authentication An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. |
Affected by 20 other vulnerabilities. |
|
VCID-cbph-fu9d-gbah
Aliases: CVE-2018-1000122 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-cp4n-p2z3-43b4
Aliases: CVE-2020-8177 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-dgtq-eaav-jyhf
Aliases: CVE-2018-1000120 GHSA-674j-7m97-j2p9 |
Out-of-bounds Write A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-dhrf-2sz5-3bhf
Aliases: CVE-2019-5481 |
Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution. |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-drkp-q9r5-ukcm
Aliases: CVE-2017-8818 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. |
Affected by 43 other vulnerabilities. |
|
VCID-e58m-g37d-9fd6
Aliases: CVE-2016-8624 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-eap9-v2gp-fqgh
Aliases: CVE-2016-3739 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-fnj3-2du1-4bhx
Aliases: CVE-2016-9586 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-fnr7-xb26-dbez
Aliases: CVE-2020-19909 |
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. |
Affected by 20 other vulnerabilities. |
|
VCID-fp65-97n1-xuaj
Aliases: CVE-2017-1000100 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow attackers to bypass intended restrictions. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-frgg-29yv-dyf7
Aliases: CVE-2021-22890 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-ggt7-eejg-xfb6
Aliases: CVE-2021-22876 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-gnx2-djyk-uyaf
Aliases: CVE-2023-38546 |
Cookie injection with none file This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle does not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. |
Affected by 20 other vulnerabilities. |
|
VCID-gv7x-j8bz-wycc
Aliases: CVE-2022-32207 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-hrsy-694u-2fec
Aliases: CVE-2024-8096 |
curl: OCSP stapling bypass with GnuTLS |
Affected by 0 other vulnerabilities. |
|
VCID-j2cq-q3r9-jfcp
Aliases: CVE-2016-8620 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-j2qx-np45-4qdu
Aliases: CVE-2017-1000257 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-j5s3-rr74-nqb8
Aliases: CVE-2020-8169 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-jeqg-g3en-5udw
Aliases: CVE-2016-5420 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-jnfc-8f5d-pyh4
Aliases: CVE-2018-1000005 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 43 other vulnerabilities. |
|
VCID-jqqf-gmd3-ubcd
Aliases: CVE-2016-8621 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-jtw4-af4y-nkbk
Aliases: CVE-2016-8619 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-ju6h-a1sz-f7e5
Aliases: CVE-2020-8285 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-k8kj-q1je-f7bt
Aliases: CVE-2016-7167 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-krgt-drpz-y7cy
Aliases: CVE-2018-1000300 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 43 other vulnerabilities. |
|
VCID-ms2r-94ph-yyh3
Aliases: CVE-2023-27536 |
Improper Authentication An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. |
Affected by 20 other vulnerabilities. |
|
VCID-n51k-39uk-auca
Aliases: CVE-2020-8286 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-n57n-cymy-z7dr
Aliases: CVE-2023-23916 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-ph5u-5j8n-4qah
Aliases: CVE-2021-22898 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. |
Affected by 20 other vulnerabilities. |
|
VCID-q229-ag6u-u3hv
Aliases: CVE-2022-22576 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-q3hu-8uy5-e3a4
Aliases: CVE-2017-2629 |
A coding error has been found in cURL, causing the TLS Certificate Status Request extension check to always return true. |
Affected by 67 other vulnerabilities. |
|
VCID-qdcn-2u3v-b3cv
Aliases: CVE-2023-46218 |
Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
Affected by 20 other vulnerabilities. |
|
VCID-qka4-jfdb-w3d5
Aliases: CVE-2015-3144 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 67 other vulnerabilities. |
|
VCID-r447-deb8-2ydj
Aliases: CVE-2015-3237 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 67 other vulnerabilities. |
|
VCID-r7bh-7wur-xffs
Aliases: CVE-2022-27776 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-rmez-cwu2-2ya7
Aliases: CVE-2020-8284 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-s73y-y7v7-43cm
Aliases: CVE-2023-28322 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-sh5a-fmna-wffr
Aliases: CVE-2021-22946 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-syz5-5y6f-s7er
Aliases: CVE-2023-27534 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-t1fk-cbsx-j3gh
Aliases: CVE-2022-32205 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-t4gn-9fw8-gkc3
Aliases: CVE-2021-22947 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-t8t6-9wa3-aub7
Aliases: CVE-2022-27775 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-tcqe-7skm-b3fz
Aliases: CVE-2023-38545 |
Out-of-bounds Write This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. |
Affected by 20 other vulnerabilities. |
|
VCID-tmv3-fzje-sbck
Aliases: CVE-2015-3148 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-tz47-j4ey-t7g6
Aliases: CVE-2018-14618 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-u4bx-xqb3-vuef
Aliases: CVE-2024-2398 |
Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
Affected by 20 other vulnerabilities. |
|
VCID-v3qf-6wju-1bg8
Aliases: CVE-2018-16890 |
security update |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-vr9x-yqsd-6fc8
Aliases: CVE-2018-0500 |
A heap-based buffer overflow in cURL might allow remote attackers to execute arbitrary code. |
Affected by 43 other vulnerabilities. |
|
VCID-vxpj-xygq-9be2
Aliases: CVE-2016-8615 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-vyk2-s5ut-ubbz
Aliases: CVE-2016-8618 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-w8ks-xk66-r3fm
Aliases: CVE-2019-3823 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-wh98-pw9h-cyfx
Aliases: CVE-2015-3145 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 67 other vulnerabilities. |
|
VCID-wrh2-77dv-hbdz
Aliases: CVE-2017-8817 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-wwam-tcmv-kqhc
Aliases: CVE-2019-5482 |
Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution. |
Affected by 67 other vulnerabilities. Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-xspf-45t1-2uhf
Aliases: CVE-2015-3143 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
|
VCID-xzay-sjpy-3yce
Aliases: CVE-2022-32206 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-y32p-52ps-4ug4
Aliases: CVE-2021-22924 |
Use of Incorrectly-Resolved Name or Reference libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function does not take `issuercert` into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the `issuer cert` which a transfer can set to qualify how to verify the server certificate. |
Affected by 20 other vulnerabilities. |
|
VCID-y4x5-n5m2-x7bq
Aliases: CVE-2022-32208 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 20 other vulnerabilities. |
|
VCID-yubp-g4rt-c3e6
Aliases: CVE-2015-3236 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 67 other vulnerabilities. |
|
VCID-yvdd-ataf-ckf1
Aliases: CVE-2020-8231 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. |
Affected by 43 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-yxks-8529-23bj
Aliases: CVE-2016-8625 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-zxz2-xfpd-pbay
Aliases: CVE-2016-8617 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 96 other vulnerabilities. Affected by 67 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4mk9-5buz-puh5 | Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks. |
CVE-2014-0139
|
| VCID-87qu-j64w-p7fj | unchecked ssl certificate host name |
CVE-2013-4545
|
| VCID-bdrx-sm6b-sken | Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-6422
|
| VCID-c2na-7q9e-47am | information disclosure |
CVE-2014-0015
|
| VCID-dzzd-afgu-3fcy | Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
CVE-2014-8150
|
| VCID-eer3-29q8-sbgq | security update |
CVE-2014-3707
|
| VCID-ekav-zg3k-v3ea | curl: cookies accepted for TLDs |
CVE-2014-3620
|
| VCID-gwb6-rf4r-d3b2 | Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0249
|
| VCID-prff-34kh-kbat | Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-1944
|
| VCID-sknq-8mm1-6qfe | security update |
CVE-2014-3613
|
| VCID-z49y-v1gh-h7gj | Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-2174
|
| VCID-z8h3-fdj8-xuaa | Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks. |
CVE-2014-0138
|