
16 matches found

Positive Technologies
added 2026/04/29 12:0 a.m., 1 views

PT-2026-35897

Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: When using the Certificate Status Request TLS extension, commonly known as OCSP stapling, to verify server certificate validity, the software fails to detect OCSP problems and incorrectly treats...

AI score: 5.2, EPSS: 0.00013
Exploits: 1, References: 9
Tenable Nessus
added 2026/02/20 12:0 a.m., 5 views

Tenable Security Center Multiple Vulnerabilities (TNS-2026-06)

According to its self-reported version, the Tenable Security Center running on the remote host prior or equal to 6.7.2 and missing relevant patches. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-06 advisory. - In PHP versions:8.1. before 8.1.34, 8.2. before...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00924
Exploits: 7, References: 13
Tenable Nessus
added 2025/12/11 12:0 a.m., 1 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-2478)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...

CVSS: 7.5, AI score: 6.2, EPSS: 0.00275
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2021-7242

Malicious code in bioql PyPI...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00309
Exploits: 0, References: 4
Tenable Nessus
added 2025/08/09 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-8030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient escaping in the Copy as cURL feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in...

CVSS: 8.1, AI score: 7.2, EPSS: 0.00277
Exploits: 0, References: 3
Hacker One
added 2025/07/17 6:40 p.m., 18 views

curl: curl ASSERTs when accessing an LDAP URL

Summary: curl can crash when accessing an LDAP URL. curl ldap://localhost:1388 curl: result.c:930: tryread1msg: Assertion !BERBVISEMPTY &resoid ' failed. Aborted core dumped No AI was used in the production of this report. This was enabled by oss-fuzz, but initiated by me adding LDAP support to...

AI score: 6.8
Exploits: 0
Tenable Nessus
added 2025/03/05 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-46219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00139
Exploits: 1, References: 2
Amazon
added 2025/01/09 12:0 a.m., 30 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

CVSS: 6.5, AI score: 6, EPSS: 0.00745
Exploits: 1
Hacker One
added 2024/10/18 9:29 p.m., 24 views

curl: When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly

Vulnerability description not provided...

AI score: 7.1
Exploits: 0
OSV
added 2024/03/27 7:0 a.m., 0 views

UBUNTU-CVE-2024-2004

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...

CVSS: 3.5, AI score: 7, EPSS: 0.0091
Exploits: 1, References: 5
OSV
added 2023/12/22 11:6 a.m., 1 views

OESA-2023-1959 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00139
Exploits: 1, References: 2
OSV
added 2023/12/12 2:15 a.m., 3 views

AZL-35020 CVE-2023-46219 affecting package mysql for versions less than 8.0.40-1

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00139
Exploits: 1, References: 1
OSV
added 2023/12/12 2:15 a.m., 2 views

AZL-32125 CVE-2023-46219 affecting package mysql for versions less than 8.0.40-1

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00139
Exploits: 1, References: 1
OSV
added 2023/12/06 12:5 p.m., 5 views

SUSE-SU-2023:4659-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass bsc1217573. - CVE-2023-46219: HSTS long file name clears contents bsc1217574...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00219
Exploits: 2, References: 5
OSV
added 2021/04/28 7:23 a.m., 7 views

SUSE-SU-2021:1396-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials bsc1183933...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00115
Exploits: 1, References: 3
OSV
added 2020/06/24 12:0 a.m., 0 views

UBUNTU-CVE-2020-8177

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00019
Exploits: 1, References: 3