Search for packages
| purl | pkg:generic/curl.se/curl@7.11.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-26ju-84rx-c7b9
Aliases: CVE-2017-7407 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow attackers to bypass intended restrictions. |
Affected by 65 other vulnerabilities. |
|
VCID-2cx5-1qnw-uufj
Aliases: CVE-2026-1965 |
curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication |
Affected by 0 other vulnerabilities. |
|
VCID-2f5z-vxsz-yqdv
Aliases: CVE-2009-0037 |
A vulnerability in cURL may allow for arbitrary file access. |
Affected by 65 other vulnerabilities. |
|
VCID-2xmp-jc8v-bucb
Aliases: CVE-2022-35252 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 39 other vulnerabilities. |
|
VCID-3sy2-4f3g-zkac
Aliases: CVE-2022-27774 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 46 other vulnerabilities. |
|
VCID-4drq-2td7-akbk
Aliases: CVE-2005-3185 |
cURL is vulnerable to a buffer overflow which could lead to the execution of arbitrary code. |
Affected by 58 other vulnerabilities. |
|
VCID-4mk9-5buz-puh5
Aliases: CVE-2014-0139 |
Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks. |
Affected by 90 other vulnerabilities. |
|
VCID-6muy-xpdq-9kg8
Aliases: CVE-2016-8616 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-6we4-n888-6qhe
Aliases: CVE-2025-0725 |
libcurl: Buffer Overflow in libcurl via zlib Integer Overflow |
Affected by 13 other vulnerabilities. |
|
VCID-6yb7-t8qs-cbch
Aliases: CVE-2018-1000007 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. |
Affected by 62 other vulnerabilities. |
|
VCID-7c8e-eaqy-akeu
Aliases: CVE-2015-3153 |
security update |
Affected by 85 other vulnerabilities. |
|
VCID-7xxh-66ys-4bhw
Aliases: CVE-2016-5419 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 80 other vulnerabilities. |
|
VCID-8zks-th64-33b8
Aliases: CVE-2026-3784 |
curl: curl: Unauthorized access due to improper HTTP proxy connection reuse |
Affected by 0 other vulnerabilities. |
|
VCID-9nak-pscy-e7gs
Aliases: CVE-2022-32221 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 35 other vulnerabilities. |
|
VCID-9q2w-yxvk-pbhd
Aliases: CVE-2005-4077 |
cURL is vulnerable to local arbitrary code execution via buffer overflow due to the insecure parsing of URLs. |
Affected by 57 other vulnerabilities. |
|
VCID-ae59-w7a1-7keg
Aliases: CVE-2017-1000254 |
Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. |
Affected by 64 other vulnerabilities. |
|
VCID-arjz-67yz-wkg9
Aliases: CVE-2023-27533 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 26 other vulnerabilities. |
|
VCID-b2ef-zj3u-rbhy
Aliases: CVE-2016-0755 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 84 other vulnerabilities. |
|
VCID-bvgs-71kb-mbcx
Aliases: CVE-2005-0490 |
security flaw |
Affected by 55 other vulnerabilities. |
|
VCID-c2na-7q9e-47am
Aliases: CVE-2014-0015 |
information disclosure |
Affected by 91 other vulnerabilities. |
|
VCID-c6dk-7gj6-7far
Aliases: CVE-2016-8623 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-ddgz-rczw-jqfw
Aliases: CVE-2023-28320 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 22 other vulnerabilities. |
|
VCID-dj5e-62rt-hkex
Aliases: CVE-2010-0734 |
Multiple vulnerabilities have been found in cURL, the worst of which might allow remote execution of arbitrary code. |
Affected by 72 other vulnerabilities. |
|
VCID-dzzd-afgu-3fcy
Aliases: CVE-2014-8150 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 88 other vulnerabilities. |
|
VCID-e1yx-dxa6-1bba
Aliases: CVE-2011-3389 |
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. |
Affected by 75 other vulnerabilities. |
|
VCID-e58m-g37d-9fd6
Aliases: CVE-2016-8624 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-exhe-cmqf-duad
Aliases: CVE-2011-2192 |
Multiple vulnerabilities have been found in cURL, the worst of which might allow remote execution of arbitrary code. |
Affected by 75 other vulnerabilities. |
|
VCID-fnj3-2du1-4bhx
Aliases: CVE-2016-9586 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 68 other vulnerabilities. |
|
VCID-ggt7-eejg-xfb6
Aliases: CVE-2021-22876 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. |
Affected by 51 other vulnerabilities. |
|
VCID-gnx2-djyk-uyaf
Aliases: CVE-2023-38546 |
Cookie injection with none file This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle does not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. |
Affected by 19 other vulnerabilities. |
|
VCID-hudt-78dw-tkf2
Aliases: CVE-2021-22925 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 48 other vulnerabilities. |
|
VCID-jeqg-g3en-5udw
Aliases: CVE-2016-5420 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 80 other vulnerabilities. |
|
VCID-jtw4-af4y-nkbk
Aliases: CVE-2016-8619 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-k8kj-q1je-f7bt
Aliases: CVE-2016-7167 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 78 other vulnerabilities. |
|
VCID-ph5u-5j8n-4qah
Aliases: CVE-2021-22898 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. |
Affected by 53 other vulnerabilities. |
|
VCID-prff-34kh-kbat
Aliases: CVE-2013-1944 |
Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. |
Affected by 81 other vulnerabilities. |
|
VCID-r3ny-7kn7-ukaa
Aliases: CVE-2009-2417 |
An error in the X.509 certificate handling of cURL might enable remote attackers to conduct man-in-the-middle attacks. |
Affected by 65 other vulnerabilities. |
|
VCID-r7bh-7wur-xffs
Aliases: CVE-2022-27776 |
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. |
Affected by 46 other vulnerabilities. |
|
VCID-rmez-cwu2-2ya7
Aliases: CVE-2020-8284 |
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. |
Affected by 50 other vulnerabilities. |
|
VCID-s73y-y7v7-43cm
Aliases: CVE-2023-28322 |
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. |
Affected by 22 other vulnerabilities. |
|
VCID-sknq-8mm1-6qfe
Aliases: CVE-2014-3613 |
security update |
Affected by 89 other vulnerabilities. |
|
VCID-snaz-pg1h-8kew
Aliases: CVE-2016-0754 |
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. |
Affected by 84 other vulnerabilities. |
|
VCID-tmv3-fzje-sbck
Aliases: CVE-2015-3148 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 86 other vulnerabilities. |
|
VCID-vxpj-xygq-9be2
Aliases: CVE-2016-8615 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-vyk2-s5ut-ubbz
Aliases: CVE-2016-8618 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
|
VCID-wc8j-qyp4-tqbd
Aliases: CVE-2016-4802 |
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. |
Affected by 83 other vulnerabilities. |
|
VCID-xspf-45t1-2uhf
Aliases: CVE-2015-3143 |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. |
Affected by 86 other vulnerabilities. |
|
VCID-y32p-52ps-4ug4
Aliases: CVE-2021-22924 |
Use of Incorrectly-Resolved Name or Reference libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function does not take `issuercert` into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the `issuer cert` which a transfer can set to qualify how to verify the server certificate. |
Affected by 48 other vulnerabilities. |
|
VCID-z49y-v1gh-h7gj
Aliases: CVE-2013-2174 |
Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. |
Affected by 83 other vulnerabilities. |
|
VCID-z8h3-fdj8-xuaa
Aliases: CVE-2014-0138 |
Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks. |
Affected by 90 other vulnerabilities. |
|
VCID-zxz2-xfpd-pbay
Aliases: CVE-2016-8617 |
Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 67 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:21:57.676644+00:00 | Curl Importer | Affected by | VCID-bvgs-71kb-mbcx | https://curl.se/docs/CVE-2005-0490.json | 38.0.0 |
| 2026-04-01T18:21:57.482591+00:00 | Curl Importer | Affected by | VCID-4drq-2td7-akbk | https://curl.se/docs/CVE-2005-3185.json | 38.0.0 |
| 2026-04-01T18:21:57.404478+00:00 | Curl Importer | Affected by | VCID-9q2w-yxvk-pbhd | https://curl.se/docs/CVE-2005-4077.json | 38.0.0 |
| 2026-04-01T18:21:57.183958+00:00 | Curl Importer | Affected by | VCID-2f5z-vxsz-yqdv | https://curl.se/docs/CVE-2009-0037.json | 38.0.0 |
| 2026-04-01T18:21:56.867124+00:00 | Curl Importer | Affected by | VCID-r3ny-7kn7-ukaa | https://curl.se/docs/CVE-2009-2417.json | 38.0.0 |
| 2026-04-01T18:21:56.572448+00:00 | Curl Importer | Affected by | VCID-dj5e-62rt-hkex | https://curl.se/docs/CVE-2010-0734.json | 38.0.0 |
| 2026-04-01T18:21:56.305239+00:00 | Curl Importer | Affected by | VCID-exhe-cmqf-duad | https://curl.se/docs/CVE-2011-2192.json | 38.0.0 |
| 2026-04-01T18:21:56.007996+00:00 | Curl Importer | Affected by | VCID-e1yx-dxa6-1bba | https://curl.se/docs/CVE-2011-3389.json | 38.0.0 |
| 2026-04-01T18:21:55.732558+00:00 | Curl Importer | Affected by | VCID-prff-34kh-kbat | https://curl.se/docs/CVE-2013-1944.json | 38.0.0 |
| 2026-04-01T18:21:55.254492+00:00 | Curl Importer | Affected by | VCID-z49y-v1gh-h7gj | https://curl.se/docs/CVE-2013-2174.json | 38.0.0 |
| 2026-04-01T18:21:54.697878+00:00 | Curl Importer | Affected by | VCID-c2na-7q9e-47am | https://curl.se/docs/CVE-2014-0015.json | 38.0.0 |
| 2026-04-01T18:21:54.443210+00:00 | Curl Importer | Affected by | VCID-z8h3-fdj8-xuaa | https://curl.se/docs/CVE-2014-0138.json | 38.0.0 |
| 2026-04-01T18:21:54.187031+00:00 | Curl Importer | Affected by | VCID-4mk9-5buz-puh5 | https://curl.se/docs/CVE-2014-0139.json | 38.0.0 |
| 2026-04-01T18:21:53.782965+00:00 | Curl Importer | Affected by | VCID-sknq-8mm1-6qfe | https://curl.se/docs/CVE-2014-3613.json | 38.0.0 |
| 2026-04-01T18:21:53.011668+00:00 | Curl Importer | Affected by | VCID-dzzd-afgu-3fcy | https://curl.se/docs/CVE-2014-8150.json | 38.0.0 |
| 2026-04-01T18:21:52.510446+00:00 | Curl Importer | Affected by | VCID-xspf-45t1-2uhf | https://curl.se/docs/CVE-2015-3143.json | 38.0.0 |
| 2026-04-01T18:21:52.224667+00:00 | Curl Importer | Affected by | VCID-tmv3-fzje-sbck | https://curl.se/docs/CVE-2015-3148.json | 38.0.0 |
| 2026-04-01T18:21:51.818625+00:00 | Curl Importer | Affected by | VCID-7c8e-eaqy-akeu | https://curl.se/docs/CVE-2015-3153.json | 38.0.0 |
| 2026-04-01T18:21:51.183304+00:00 | Curl Importer | Affected by | VCID-b2ef-zj3u-rbhy | https://curl.se/docs/CVE-2016-0755.json | 38.0.0 |
| 2026-04-01T18:21:50.877900+00:00 | Curl Importer | Affected by | VCID-snaz-pg1h-8kew | https://curl.se/docs/CVE-2016-0754.json | 38.0.0 |
| 2026-04-01T18:21:50.125146+00:00 | Curl Importer | Affected by | VCID-wc8j-qyp4-tqbd | https://curl.se/docs/CVE-2016-4802.json | 38.0.0 |
| 2026-04-01T18:21:49.692449+00:00 | Curl Importer | Affected by | VCID-jeqg-g3en-5udw | https://curl.se/docs/CVE-2016-5420.json | 38.0.0 |
| 2026-04-01T18:21:49.192075+00:00 | Curl Importer | Affected by | VCID-7xxh-66ys-4bhw | https://curl.se/docs/CVE-2016-5419.json | 38.0.0 |
| 2026-04-01T18:21:48.422795+00:00 | Curl Importer | Affected by | VCID-k8kj-q1je-f7bt | https://curl.se/docs/CVE-2016-7167.json | 38.0.0 |
| 2026-04-01T18:21:47.721390+00:00 | Curl Importer | Affected by | VCID-e58m-g37d-9fd6 | https://curl.se/docs/CVE-2016-8624.json | 38.0.0 |
| 2026-04-01T18:21:47.225130+00:00 | Curl Importer | Affected by | VCID-c6dk-7gj6-7far | https://curl.se/docs/CVE-2016-8623.json | 38.0.0 |
| 2026-04-01T18:21:46.307843+00:00 | Curl Importer | Affected by | VCID-jtw4-af4y-nkbk | https://curl.se/docs/CVE-2016-8619.json | 38.0.0 |
| 2026-04-01T18:21:45.840892+00:00 | Curl Importer | Affected by | VCID-vyk2-s5ut-ubbz | https://curl.se/docs/CVE-2016-8618.json | 38.0.0 |
| 2026-04-01T18:21:45.298772+00:00 | Curl Importer | Affected by | VCID-zxz2-xfpd-pbay | https://curl.se/docs/CVE-2016-8617.json | 38.0.0 |
| 2026-04-01T18:21:44.897333+00:00 | Curl Importer | Affected by | VCID-6muy-xpdq-9kg8 | https://curl.se/docs/CVE-2016-8616.json | 38.0.0 |
| 2026-04-01T18:21:44.470297+00:00 | Curl Importer | Affected by | VCID-vxpj-xygq-9be2 | https://curl.se/docs/CVE-2016-8615.json | 38.0.0 |
| 2026-04-01T18:21:43.612859+00:00 | Curl Importer | Affected by | VCID-fnj3-2du1-4bhx | https://curl.se/docs/CVE-2016-9586.json | 38.0.0 |
| 2026-04-01T18:21:42.978637+00:00 | Curl Importer | Affected by | VCID-26ju-84rx-c7b9 | https://curl.se/docs/CVE-2017-7407.json | 38.0.0 |
| 2026-04-01T18:21:41.925170+00:00 | Curl Importer | Affected by | VCID-ae59-w7a1-7keg | https://curl.se/docs/CVE-2017-1000254.json | 38.0.0 |
| 2026-04-01T18:21:40.717211+00:00 | Curl Importer | Affected by | VCID-6yb7-t8qs-cbch | https://curl.se/docs/CVE-2018-1000007.json | 38.0.0 |
| 2026-04-01T18:21:35.775121+00:00 | Curl Importer | Affected by | VCID-rmez-cwu2-2ya7 | https://curl.se/docs/CVE-2020-8284.json | 38.0.0 |
| 2026-04-01T18:21:34.440844+00:00 | Curl Importer | Affected by | VCID-ggt7-eejg-xfb6 | https://curl.se/docs/CVE-2021-22876.json | 38.0.0 |
| 2026-04-01T18:21:33.625706+00:00 | Curl Importer | Affected by | VCID-ph5u-5j8n-4qah | https://curl.se/docs/CVE-2021-22898.json | 38.0.0 |
| 2026-04-01T18:21:32.366865+00:00 | Curl Importer | Affected by | VCID-y32p-52ps-4ug4 | https://curl.se/docs/CVE-2021-22924.json | 38.0.0 |
| 2026-04-01T18:21:31.846380+00:00 | Curl Importer | Affected by | VCID-hudt-78dw-tkf2 | https://curl.se/docs/CVE-2021-22925.json | 38.0.0 |
| 2026-04-01T18:21:29.792643+00:00 | Curl Importer | Affected by | VCID-3sy2-4f3g-zkac | https://curl.se/docs/CVE-2022-27774.json | 38.0.0 |
| 2026-04-01T18:21:28.933106+00:00 | Curl Importer | Affected by | VCID-r7bh-7wur-xffs | https://curl.se/docs/CVE-2022-27776.json | 38.0.0 |
| 2026-04-01T18:21:26.545509+00:00 | Curl Importer | Affected by | VCID-2xmp-jc8v-bucb | https://curl.se/docs/CVE-2022-35252.json | 38.0.0 |
| 2026-04-01T18:21:25.768203+00:00 | Curl Importer | Affected by | VCID-9nak-pscy-e7gs | https://curl.se/docs/CVE-2022-32221.json | 38.0.0 |
| 2026-04-01T18:21:24.075634+00:00 | Curl Importer | Affected by | VCID-arjz-67yz-wkg9 | https://curl.se/docs/CVE-2023-27533.json | 38.0.0 |
| 2026-04-01T18:21:21.575108+00:00 | Curl Importer | Affected by | VCID-ddgz-rczw-jqfw | https://curl.se/docs/CVE-2023-28320.json | 38.0.0 |
| 2026-04-01T18:21:20.504395+00:00 | Curl Importer | Affected by | VCID-s73y-y7v7-43cm | https://curl.se/docs/CVE-2023-28322.json | 38.0.0 |
| 2026-04-01T18:21:19.625878+00:00 | Curl Importer | Affected by | VCID-gnx2-djyk-uyaf | https://curl.se/docs/CVE-2023-38546.json | 38.0.0 |
| 2026-04-01T18:21:16.757488+00:00 | Curl Importer | Affected by | VCID-6we4-n888-6qhe | https://curl.se/docs/CVE-2025-0725.json | 38.0.0 |
| 2026-04-01T18:21:13.927949+00:00 | Curl Importer | Affected by | VCID-2cx5-1qnw-uufj | https://curl.se/docs/CVE-2026-1965.json | 38.0.0 |
| 2026-04-01T18:21:12.731067+00:00 | Curl Importer | Affected by | VCID-8zks-th64-33b8 | https://curl.se/docs/CVE-2026-3784.json | 38.0.0 |