6 matches found
EUVD-2015-8502
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-5420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the...
CURL-CVE-2022-30115 HSTS bypass via trailing dot
curl's HSTS check could be bypassed to trick it into continuing to use HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the hostname in the given URL used ...
CURL-CVE-2021-22923 Metalink download sends credentials
When curl is instructed to get content using the Metalink feature, and a user name and password are used to download the Metalink XML file, those same credentials are subsequently passed on to each of the servers from which curl downloads or tries to download the contents. Often contrar...
cURL/libcURL 'curl_easy_unescape()' Heap Memory Corruption
Curl < 7.15.3 TFTP URL Parsing Overflow