11 matches found

Hacker One
added 2026/05/14 11:36 a.m., 18 views

curl: CURLOPT_PROXY_CAINFO_BLOB silently activates native CA store on Apple builds

Hi all, CURLOPT_PROXY_CAINFO_BLOB introduced 7.77.0 never sets proxy_ssl.custom_cablob. On USE_APPLE_SECTRUST / CURL_CA_NATIVE builds this causes curl to silently fall back to the system keychain for proxy TLS verification, nullifying the caller's blob-only trust policy. --- Root cause lib/setopt.c handle...

5.9 AI score
Exploits: 0
NVD
added 2026/01/08 10:15 a.m., 3 views

CVE-2025-14819

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

5.3 CVSS, 0.00029 EPSS
Exploits: 0, References: 3
AlpineLinux
added 2026/01/08 10:7 a.m., 5 views

CVE-2025-14819

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

5.3 CVSS, 6.3 AI score, 0.00029 EPSS
Exploits: 0, References: 3
CVE
added 2026/01/08 10:7 a.m., 26 views

CVE-2025-14819

CVE-2025-14819 concerns libcurl. When performing TLS transfers with reused easy/multi handles and altering CURLSSLOPT_NO_PARTIALCHAIN, libcurl could reuse a CA store cached in memory where the partial-chain setting was reversed, causing it to accept a trust chain it would otherwise reject. This i...

5.3 CVSS, 6 AI score, 0.00029 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/01/08 10:7 a.m., 25 views

CVE-2025-14819 OpenSSL partial chain store policy bypass

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

0.00029 EPSS
Exploits: 0, References: 2
OSV
added 2022/07/29 10:15 a.m., 0 views

UBUNTU-CVE-2021-3601

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes:...

5.8 AI score
Exploits: 0, References: 2
Debian CVE
added 2022/07/29 9:35 a.m., 36 views

CVE-2021-3601

Removed by vendor...

9.1 AI score
Exploits: 0
CVE
added 2022/07/29 9:35 a.m., 54 views

CVE-2021-3601

CVE-2021-3601 is rejected/not used; this CVE entry is not a security vulnerability per the description.

6.5 AI score
Exploits: 0
Packet Storm
added 2019/10/01 12:0 a.m., 198 views

Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation

Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...

0.6 AI score
Exploits: 0
Tenable Nessus
added 2019/01/02 12:0 a.m., 55 views

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2017:0855-1)

This update for nodejs4 fixes the following issues : - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528 - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 - build:...

7.5 CVSS, 8 AI score, 0.10401 EPSS
Exploits: 1, References: 11
Tenable Nessus
added 2017/04/06 12:0 a.m., 39 views

openSUSE Security Update : nodejs4 (openSUSE-2017-442)

This update for nodejs4 fixes the following issues : - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528 - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 - build:...

7.5 CVSS, 8 AI score, 0.10401 EPSS
Exploits: 1, References: 7