Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Veracode
Veracodeadded 2023/03/21 12:27 a.m.50 views

Authentication Bypass

curl is vulnerable to Authentication Bypass. The library would reuse a previously created FTP connection even when one or more options had been changed, leading to wrong credentials. Several FTP settings were left out from configuration match checks, making them easily match...

5.9CVSS8.5AI score0.00036EPSS
Exploits1References8Affected Software3
Hacker One
Hacker Oneadded 2023/03/20 7:44 a.m.61 views

Internet Bug Bounty: CVE-2023-27538: SSH connection too eager reuse still

A vulnerability was found in libcurl that allowed the reuse of a previously created SSH connection even when an SSH related option had been changed that should have prohibited reuse. This was due to two SSH settings being left out from the configuration match checks, making them match too easily...

5.5CVSS6.9AI score0.00012EPSS
Exploits1
Hacker One
Hacker Oneadded 2023/03/20 7:42 a.m.93 views

Internet Bug Bounty: CVE-2023-27536: GSS delegation too eager connection re-use

A vulnerability was found in libcurl versions 7.22.0 to 7.88.1 that allowed for the reuse of a previously created connection even when the GSS delegation option had been changed, potentially changing the user's permissions in a second transfer. This could affect krb5/kerberos/negotiate/GSSAPI...

5.9CVSS7.2AI score0.00011EPSS
Exploits1
UbuntuCve
UbuntuCveadded 2023/03/20 12:0 a.m.70 views

CVE-2023-27535

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

5.9CVSS6.8AI score0.00036EPSS
Exploits1References4
Microsoft CVE
Microsoft CVEadded 2022/06/11 7:0 a.m.2 views

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However several TLS andSSH settings were left out from the configuration match checks making themmatch too easily.

...

7.5CVSS6.8AI score0.00469EPSS
Exploits1
OSV
OSVadded 2022/06/02 2:15 p.m.1 views

DEBIAN-CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

7.5CVSS6.6AI score0.00469EPSS
Exploits1References1
OSV
OSVadded 2022/05/11 8:0 a.m.2 views

CURL-CVE-2022-27782 TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and...

7.5CVSS7.6AI score0.00469EPSS
Exploits1
Rows per page
Query Builder