26 matches found
Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2023-23915)
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
curl: curl’s persistence files inherit world-readable/writable perms from umask, leaking and tampering with cookies/HSTS/Alt-Svc caches
Executive Summary: Curl_fopen clones the permissions of any pre-existing persistence file when creating its temporary file. When the persistence file does not exist, it first creates one with the process umask (typically 022, i.e., 0644). That mode is then copied to the temp file via 0600 | sb.st_mode...
Security Bulletin: Publicly disclosed libcurl vulnerabilities affects IBM Safer Payments (CVE-2024-9681)
Summary Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-9681 DESCRIPTION: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making ...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2025-1043)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1043 advisory. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications...
EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2025-1552)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server...
Tenable Security Center Multiple Vulnerabilities (TNS-2025-04)
According to its self-reported version, the Tenable Security Center running on the remote host is version 6.3.0, 6.4.0, 6.4.5, or 6.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-04 advisory. - When curl is asked to use HSTS, the expiry time for a...
macOS 13.x < 13.7.5 Multiple Vulnerabilities (122375)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.7.5. It is, therefore, affected by multiple vulnerabilities: - A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3,...
Linux Distros Unpatched Vulnerability : CVE-2024-9681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2024-7264, CVE-2024-9681 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1132)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1151)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1186)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
Amazon Linux 2 : curl (ALAS-2025-2724)
The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2724 advisory. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or...
Medium: curl
Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...
Cache Poisoning
libcurl.so is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of HSTS cache entries in curl, where a subdomain’s HSTS expiry time can overwrite the parent domain's cache entry, causing incorrect HTTPS timeout handling. It allows an attacker to trigger insecure HTTP...
OESA-2024-2389 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...
AZL-52449 CVE-2024-9681 affecting package tensorflow for versions less than 2.16.1-7
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
DEBIAN-CVE-2024-9681
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
curl: CVE-2024-9681: HSTS subdomain overwrites parent cache entry
The HSTS (HTTP Strict Transport Security) cache in the curl web client can be overwritten by a subdomain, causing the parent domain's HSTS expiration time to be set incorrectly. This issue was discovered in curl versions 8.10.1 and 8.11.0-DEV...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2286)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...