54 matches found
Astra Linux - vulnerability in curl
Curl versions 7.41.0 through 7.73.0 are vulnerable to a flaw related to improper checks for certificate revocation, due to insufficient verification of the OCSP response...
Curl 7.40.0 < 8.20.0 Wrong SMB Connection Reuse
The version of curl installed on the remote host is 7.40.0 prior to 8.20.0. It is, therefore, affected by a wrong SMB connection reuse vulnerability: - libcurl might in some circumstances reuse the wrong connection for SMBS transfers. The code erroneously did not consider the share name as a...
CVE-2026-1965 affecting package curl for versions less than 8.11.1-6
CVE-2026-1965 affecting package curl for versions less than 8.11.1-6. A patched version of the package is available...
curl: HSTS accepted from HTTP origin behind HTTPS proxy
curl/libcurl appears to accept and persist Strict-Transport-Security from an http:// origin when the request is sent through an https:// proxy. After that, a later http:// request for the same host is automatically upgraded to https:// due to stored HSTS state. Affected versions 8.12.0 through...
CVE-2025-14017 affecting package curl for versions less than 8.11.1-5
CVE-2025-14017 affecting package curl for versions less than 8.11.1-5. A patched version of the package is available...
Siemens SIMATIC S7-1500 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22876)
curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header fiel...
Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2021-22897)
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single static variable in the library, which has the surprising...
CVE-2025-10148 affecting package curl for versions less than 8.8.0-7
CVE-2025-10148 affecting package curl for versions less than 8.8.0-7. A patched version of the package is available...
JLSEC-2025-25 curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insu...
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...
JLSEC-2025-26 curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to ...
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...
EUVD-2014-1341
Malware in sbrugna...
EUVD-2016-9470
Malware in sbrugna...
EUVD-2018-8635
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-27774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract...
K000152958: Curl vulnerability CVE-2021-22876
Security Advisory Description curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the...
Curl 8.5.0 < 8.14.0 Improper Certificate Validation (CVE-2025-5025)
The version of Curl installed on the remote host is missing a security update. It is, therefore, affected by an improper certificate validation vulnerability. - libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when...
Multiple CURL vulnerabilities in Brocade SANnav OVA deployments before SANnav 2.3.1b
Multiple CURL vulnerabilities Curl 7.44.0 8.7.0 vulnerabilities CVE-2024-2398, CVE-2024-2466, CVE-2024-2004 & CVE-2024-0853 Curl 7.44.0 8.7.0 HTTP/2 Push Headers Memory-leak CVE-2024-2398 Curl 7.85.0 8.7.0 Input Misinterpretation CVE-2024-2004 Curl 7.85.0 8.7.0 Input Misinterpretation CVE-2024-20...
Curl 7.76.0 < 8.11.1 Information Disclosure (CVE-2024-11053)
The version of Curl installed on the remote host is between 7.76.0 and prior to 8.11.1. It is, therefore, affected by an information disclosure vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
CVE-2024-9681
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
AZL-49035 CVE-2024-8096 affecting package curl for versions less than 8.8.0-3
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...