CVE-2026-27135 affecting package cmake for versions less than 3.30.3-13

CVE-2026-27135 affecting package cmake for versions less than 3.30.3-13. A patched version of the package is available...

AZL-59385 CVE-2024-48615 affecting package cmake for versions less than 3.30.3-6

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at rchivereadsupportformattar.c:1844:8...

CVE-2023-27538 affecting package cmake for versions less than 3.21.4-13

CVE-2023-27538 affecting package cmake for versions less than 3.21.4-13. A patched version of the package is available...

AZL-52402 CVE-2024-9681 affecting package cmake for versions less than 3.21.4-16

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

AZL-47282 CVE-2024-7264 affecting package cmake for versions less than 3.30.3-4

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

AZL-34610 CVE-2023-38546 affecting package cmake for versions less than 3.21.4-10

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...

AZL-25787 CVE-2023-27535 affecting package cmake for versions less than 3.21.4-13

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

AZL-25784 CVE-2023-27534 affecting package cmake for versions less than 3.21.4-12

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

AZL-34613 CVE-2023-27538 affecting package cmake for versions less than 3.28.2-1

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

AZL-34615 CVE-2023-23914 affecting package cmake for versions less than 3.21.4-10

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is...

AZL-34604 CVE-2022-43552 affecting package cmake for versions less than 3.28.2-1

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...