
14 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-2851

Malicious code in bioql PyPI...

CVSS 9.3 · AI score 6.9 · EPSS 0.0105
Exploits 0 · References 8
RedhatCVE
added 2025/05/23 4:20 a.m. · 6 views

CVE-2023-42509

JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data...

CVSS 7.5 · AI score 6.7 · EPSS 0.00275
Exploits 0
Cvelist
added 2023/11/10 12:57 a.m. · 16 views

CVE-2023-46729 Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint

sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has bee...

CVSS 9.3 · AI score 9.5 · EPSS 0.0105
Exploits 0 · References 3
Positive Technologies
added 2023/11/09 12:00 a.m. · 1 view

PT-2023-7670 · Unknown · Sentry-Javascript

Name of the Vulnerable Software and Affected Versions: sentry-javascript versions prior to 7.77.0 Description: The issue is related to insufficient input validation in the sentry-javascript SDK, specifically affecting the Next.js SDK tunnel endpoint. This allows an attacker to send HTTP requests ...

CVSS 9.4 · AI score 6.9 · EPSS 0.0105
Exploits 0 · References 19
Tenable Nessus
added 2023/02/23 12:00 a.m. · 45 views

Tenable SecurityCenter 5.22.0 / 5.23.1 Multiple Vulnerabilities (TNS-2023-05)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.22.0 or 5.23.1 and is therefore affected by multiple vulnerabilities in curl starting with 7.77.0 and before 7.86.0: - If curl is told to use an HTTP proxy for a transfer with ...

CVSS 8.1 · AI score 7 · EPSS 0.00467
Exploits 0 · References 4
Microsoft CVE
added 2022/11/09 8:00 a.m. · 2 views

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps or telnet. The earliest affected version is 7.77.0.

...

CVSS 8.1 · AI score 7.4 · EPSS 0.00467
Exploits 0
Microsoft CVE
added 2022/11/09 8:00 a.m. · 1 view

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g. using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 (2021-05-26).

...

CVSS 7.5 · AI score 7.4 · EPSS 0.00048
Exploits 0
UbuntuCve
added 2022/10/26 7:00 a.m. · 37 views

CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

CVSS 8.1 · AI score 6.9 · EPSS 0.00467
Exploits 0 · References 3
Positive Technologies
added 2022/10/26 12:00 a.m. · 1 view

PT-2022-5378

Name of the Vulnerable Software and Affected Versions: curl versions 7.77.0 through 7.85.0 Description: The issue is related to the HSTS check in curl, which can be bypassed to trick it into staying with HTTP. This can happen when the host name in the given URL uses IDN characters that get replaced...

CVSS 9.8 · AI score 7.1 · EPSS 0.01853
Exploits 2 · References 58
Positive Technologies
added 2021/07/21 12:00 a.m. · 2 views

PT-2021-6778 · Curl +7 · Curl +7

Name of the Vulnerable Software and Affected Versions: curl versions prior to 7.77.0 Description: The issue is related to insufficient protection of registration data, allowing a remote attacker to access confidential data. When curl is instructed to get content using the metalink feature and a...

CVSS 10 · AI score 7.4 · EPSS 0.92
Exploits 23 · References 489
Hacker One
added 2021/06/11 12:15 p.m. · 77 views

curl: CVE-2021-22925: TELNET stack contents disclosure again

Summary: CVE-2021-22898: TELNET stack contents disclosure 1176461 issue was recently reported for curl and it was addressed in curl 7.77.0: https://curl.se/docs/CVE-2021-22898.html https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde https://hackerone.com/reports/1176461...

CVSS 5 · AI score 6.1 · EPSS 0.00233
Exploits 2
ArchLinux
added 2021/06/01 12:00 a.m. · 167 views

[ASA-202106-9] lib32-libcurl-gnutls: information disclosure

Arch Linux Security Advisory ASA-202106-9 ========================================= Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-22898 Package : lib32-libcurl-gnutls Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2000 Summary ======= The package...

CVSS 3.1 · AI score 1.3 · EPSS 0.00137
Exploits 1 · References 4
Veracode
added 2021/05/28 12:59 p.m. · 37 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists in the -t command line option (CURLOPT_TELNETOPTIONS in libcurl): because of a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, which allows an attacker to...

CVSS 3.1 · AI score 5.1 · EPSS 0.00137
Exploits 1 · References 21 · Affected Software 5
Gentoo Linux
added 2021/05/26 12:00 a.m. · 101 views

cURL: Multiple vulnerabilities

Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

CVSS 8.1 · AI score 7 · EPSS 0.00212
Exploits 4