Search for packages
| purl | pkg:deb/debian/curl@7.88.1-10%2Bdeb12u7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2cx5-1qnw-uufj | curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication |
CVE-2026-1965
|
| VCID-2szj-xvgq-pkfr | curl: QUIC certificate check bypass with wolfSSL |
CVE-2024-2379
|
| VCID-4e1k-7bj9-hfch | Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
CVE-2023-23914
|
| VCID-4gze-cwtp-2bgr | Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
CVE-2023-23915
|
| VCID-4seq-hvbx-7fg8 | Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. |
CVE-2023-46219
|
| VCID-56wg-yafz-gkgx | Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
CVE-2021-22922
|
| VCID-6we4-n888-6qhe | libcurl: Buffer Overflow in libcurl via zlib Integer Overflow |
CVE-2025-0725
|
| VCID-8zks-th64-33b8 | curl: curl: Unauthorized access due to improper HTTP proxy connection reuse |
CVE-2026-3784
|
| VCID-ddgz-rczw-jqfw | Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
CVE-2023-28320
|
| VCID-etzn-uhck-h7b2 | curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect |
CVE-2026-3783
|
| VCID-hrsy-694u-2fec | curl: OCSP stapling bypass with GnuTLS |
CVE-2024-8096
|
| VCID-mkyr-w79c-qqfz | curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers |
CVE-2025-14017
|
| VCID-nvzd-v3bs-6qek | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. |
CVE-2025-15079
|
| VCID-pwn6-j8vf-rufk | curl: HSTS subdomain overwrites parent cache entry |
CVE-2024-9681
|
| VCID-qbpd-star-6fgn | Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
CVE-2021-22923
|
| VCID-qpux-jh6k-8qhx | curl: Curl missing SFTP host verification with wolfSSH backend |
CVE-2025-10966
|
| VCID-vbbv-k1r7-kkas | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. |
CVE-2025-15224
|
| VCID-x57x-w8g8-7ybz | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. |
CVE-2025-14524
|
| VCID-xpss-yndr-mycj | Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
CVE-2022-43551
|
| VCID-yaas-j3qk-kfdg | Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
CVE-2022-42916
|