Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-8636

Malware in sbrugna...

9.8CVSS6.9AI score0.03398EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-23915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple...

6.5CVSS6.3AI score0.00861EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name longer than about 515 bytes, the file name is truncated to fit...

6.5CVSS6.5AI score0.03958EPSS
Exploits0References2
OSV
OSV
added 2025/02/05 9:15 a.m.17 views

CVE-2025-0167 netrc and default credential leak

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS6.7AI score0.00663EPSS
Exploits1References6
OSV
OSV
added 2024/12/11 7:34 a.m.9 views

CVE-2024-11053 netrc and redirect credential leak

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

3.4CVSS6.7AI score0.01378EPSS
Exploits1References9
Amazon
Amazon
added 2024/05/03 12:0 a.m.7 views

Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...

6.5CVSS6.9AI score0.01685EPSS
Exploits1
Amazon
Amazon
added 2024/04/30 12:0 a.m.5 views

Medium: curl

Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoco...

8.6CVSS6.9AI score0.36081EPSS
Exploits2
OSV
OSV
added 2022/06/27 8:0 a.m.7 views

CURL-CVE-2022-32208 FTP-KRB bad message verification

When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

5.9CVSS6.4AI score0.06762EPSS
Exploits1
Prion
Prion
added 2021/04/02 6:15 p.m.22 views

Design/Logic Flaw

An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafte...

4.3CVSS5.6AI score0.00767EPSS
Exploits0References4Affected Software6
AlpineLinux
AlpineLinux
added 2018/08/01 6:0 a.m.43 views

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

9.8CVSS6.9AI score0.04413EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/07/27 7:0 p.m.54 views

CVE-2017-2629

curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server...

6.5CVSS5.6AI score0.01391EPSS
Exploits0
Rows per page
Query Builder