22 matches found
Advisory ROSA-SA-2025-2945
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-3 affected versions curl-8.7.1-3 CVE-ID: CVE-2025-0725 BDU-ID: 2025-01585 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command line utility is related to...
DLA-4213-1 curl - regression update
Bulletin has no description...
GHSA-MQ8W-C2J9-RQXC vulnerabilities
Vulnerabilities for packages: curl...
GHSA-GV3V-X3F3-7FXM vulnerabilities
Vulnerabilities for packages: curl...
GHSA-FJ44-3XPP-9CX2 vulnerabilities
Vulnerabilities for packages: curl...
Advisory ROSA-SA-2025-2680
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2023-27533 BDU-ID: 2023-02107 CVE-Crit: LOW CVE-DESC.: A vulnerability in the curl program line utility is related to communication using the TELNET protocol, which could allow an attacker to pass a...
CVE-2025-0167 vulnerabilities
Vulnerabilities for packages: curl...
PT-2024-7663 · Curl +9 · Curl +9
Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.10.1 Description: The issue is related to the implementation of the HSTS HTTP Strict Transport Security mechanism in the curl utility. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a...
CVE-2024-8096 vulnerabilities
Vulnerabilities for packages: curl...
OESA-2023-1958 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file...
CVE-2023-38545
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...
SUSE-SU-2023:2227-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition bsc1211231. - CVE-2023-28321: Fixed IDN wildcard matching bsc1211232. - CVE-2023-28322: Fixed POST-after-PUT confusion bsc1211233...
SUSE CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the 1 IMAP, 2 POP3, or 3 SMTP protocol...
CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers...
Phishing Attacks
curl is vulnerable to phishing attacks. malicious server can redirect FTP to malicious host via PASV reponse...
SUSE-SU-2020:14481-1 Security update for curl
This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPTCONNECTONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the...
The vulnerability of the software for interacting with servers via curl exists due to a logical error in processing the Content-Disposition header of HTTP responses. This allows an attacker to re-write local files.
The vulnerability of the software for interacting with Curl servers exists due to a logical error in processing the Content-Disposition header of HTTP responses. Exploiting this vulnerability allows an attacker who operates remotely to re-write local files...
PT-2019-6378 · Curl +1 · Curl +1
Name of the Vulnerable Software and Affected Versions: curl version 7.65.2 Description: The issue is related to an integer overflow vulnerability in the tool operate.c file of curl, which can occur when a large value is specified as the retry delay. This may cause a denial of service to associate...
ALPINE-CVE-2018-16839
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service...
CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...