10318 matches found
ROOT-OS-DEBIAN-12-CVE-2026-1965 CVE-2026-1965 in rootio-curl - Patched by Root
Root has patched CVE-2026-1965 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-14017 CVE-2025-14017 in rootio-curl - Patched by Root
Root has patched CVE-2025-14017 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-10148 CVE-2025-10148 in rootio-curl - Patched by Root
Root has patched CVE-2025-10148 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-10966 CVE-2025-10966 in rootio-curl - Patched by Root
Root has patched CVE-2025-10966 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-3783 CVE-2026-3783 in rootio-curl - Patched by Root
Root has patched CVE-2026-3783 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-6429 CVE-2026-6429 in rootio-curl - Patched by Root
Root has patched CVE-2026-6429 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-3784 CVE-2026-3784 in rootio-curl - Patched by Root
Root has patched CVE-2026-3784 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-2379 CVE-2024-2379 in rootio-curl - Patched by Root
Root has patched CVE-2024-2379 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-5545 CVE-2026-5545 in rootio-curl - Patched by Root
Root has patched CVE-2026-5545 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-6253 CVE-2026-6253 in rootio-curl - Patched by Root
Root has patched CVE-2026-6253 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
SUSE CVE-2026-8924
A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
SUSE CVE-2026-9080
Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : curl vulnerabilities (USN-8525-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8525-1 advisory. Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP...
USN-8525-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS...
CVE-2026-11564
A flaw was found in curl. When libcurl reuses a connection from its connection pool, an easy handle that initially used default native Certificate Authority CA trust may continue to trust the native platform store. This occurs even after the application has switched that same handle to custom CA...
CVE-2026-10536
A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...
CVE-2026-8924
A flaw was found in curl's cookie parsing logic. A malicious HTTP server can exploit this by setting 'super cookies' that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl then transmits to unrelated third-party domains, leading to...
CVE-2026-11352
A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...
CVE-2026-11586
A flaw was found in curl. A malicious server can exploit this vulnerability by sending rapid, sequential WebSocket PING messages. Due to a lack of an upper bound on memory allocation for unacknowledged frames, curl can be forced to exhaust all available memory, leading to a denial of service...
CVE-2026-12064
A flaw was found in curl. When a user invokes curl with a schemeless URL and specifies SFTP SSH File Transfer Protocol or SCP Secure Copy Protocol as the default protocol, the tool layer fails to initialize critical SSH security options. This bypasses host verification, allowing curl to connect t...