12 matches found
Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2020-8286)
The libcurl library versions 7.41.0 to and including 7.73.0 are vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. This vulnerability could allow an attacker to pass a revoked certificate as valid. This plugin only works with...
Curl 7.41.0 < 8.10.0 Security Bypass (CVE-2024-8096)
The version of Curl installed on the remote host is 7.41.0 or later and prior to 8.10.0. It is, therefore, affected by a security bypass vulnerability. When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is...
curl Security Vulnerability
curl is an open source tool from cURL for transferring data from or to a server. A security vulnerability exists in curl versions 7.41.0 through 8.9.1 that stems from an inability to detect certain OCSP issues...
CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...
K15402727: cURL vulnerability CVE-2020-8286
Security Advisory Description curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. CVE-2020-8286 Impact An attacker could provide a forged OCSP response to the F5 product that has made the request with curl...
SUSE CVE-2015-3144
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by...
SUSE CVE-2015-3148
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request...
CVE-2020-8286
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...
CVE-2020-8286
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...
UBUNTU-CVE-2015-3145
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote...
UBUNTU-CVE-2015-3144
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by...
PT-2015-6076 · Curl +4 · Libcurl +4
Name of the Vulnerable Software and Affected Versions: libcurl versions 7.31.0 through 7.41.0 Description: The issue arises from the sanitize cookie path function not properly validating input, specifically when encountering a cookie path containing only a double-quote character. This can lead to...