Lucene search
K

11 matches found

Hacker One
Hacker One
added 2026/05/06 9:23 p.m.33 views

curl: CURLOPT_PROXY_CRLFILE / CURLOPT_PROXY_ISSUERCERT / CURLOPT_PROXY_ISSUERCERT_BLOB silently ignored on backends that don't support them

From the Mythos report 2026-05-06 F1. CURLOPTPROXYCRLFILE / CURLOPTPROXYISSUERCERT / CURLOPTPROXYISSUERCERTBLOB silently ignored on backends that don't support them — severity Low https://github.com/curl/curl/blob/455bebc2c7/lib/setopt.cL1786-L1797...

6.5CVSS6.5AI score0.01299EPSS
Exploits3
CloudLinux
CloudLinux
added 2021/09/21 10:10 p.m.42 views

Fix of CVE: CVE-2021-22924

fix connection reuse checks for issuer cert and case sensitivity CVE-2021-22924...

4.3CVSS1.2AI score0.0627EPSS
Exploits1References1
Amazon
Amazon
added 2021/09/15 12:0 a.m.49 views

Medium: curl

Issue Overview: A flaw was found in curl in the way curl handles a file hash mismatch after downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to trick users into downloading malicious content. The highest threat from this vulnerability ...

6.5CVSS6.8AI score0.0627EPSS
Exploits5
NVD
NVD
added 2021/08/05 9:15 p.m.20 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS0.0627EPSS
Exploits1References15
OSV
OSV
added 2021/08/05 9:15 p.m.35 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

3.7CVSS2.5AI score0.0627EPSS
Exploits1References15
Prion
Prion
added 2021/08/05 9:15 p.m.28 views

Code injection

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS5.2AI score0.0627EPSS
Exploits1References15Affected Software26
Cvelist
Cvelist
added 2021/08/05 8:16 p.m.23 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

6AI score0.0627EPSS
Exploits1References15
AlpineLinux
AlpineLinux
added 2021/08/05 8:16 p.m.43 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.2AI score0.0627EPSS
Exploits1
Debian CVE
Debian CVE
added 2021/08/05 8:16 p.m.51 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.5AI score0.0627EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/07/21 12:0 a.m.35 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.6AI score0.0627EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/05/27 12:0 a.m.12 views

PT-2021-4598 · Libcurl +8 · Libcurl +8

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue arises from errors in the logic of libcurl's config matching function, which does not account for the 'issuercert' and compares file paths case insensitively. This could lead to...

10CVSS7.4AI score0.87816EPSS
Exploits46References611
Rows per page
Query Builder