Lucene search
K

32 matches found

Veracode
Veracode
added 2025/01/08 1:50 a.m.14 views

Unsafe SSL Verification

tecnickcom/tcpdf is vulnerable to Unsafe SSL verification. The vulnerability is due to improper handling of SSL verification settings in TCPDF when using libcurl, where CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. It allows an attacker to perform a Man-in-the-Middle MitM attack...

9.8CVSS7AI score0.00748EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.30 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

0.00748EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.0 views

SUSE CVE-2015-3143

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015...

5CVSS7.2AI score0.16222EPSS
Exploits0References21
OSV
OSV
added 2022/05/11 8:0 a.m.6 views

CURL-CVE-2022-27779 cookie for trailing dot TLD

libcurl wrongly allows HTTP cookies to be set for Top Level Domains TLDs if the hostname is provided with a trailing dot. curl can be told to receive and send cookies when communicating using HTTPS. curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support n...

5.3CVSS5.2AI score0.02414EPSS
Exploits1
OSV
OSV
added 2022/04/27 8:0 a.m.6 views

CURL-CVE-2022-27775 Bad local IPv6 connection reuse

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account which could lead to libcurl reusing the wrong connection...

7.5CVSS7.5AI score0.02794EPSS
Exploits1
OSV
OSV
added 2019/05/22 8:0 a.m.9 views

CURL-CVE-2019-5436 TFTP receive buffer overflow

libcurl contains a heap buffer overflow in the function tftpreceivepacket that receives data from a TFTP server. It calls recvfrom with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely...

7.8CVSS7.8AI score0.49739EPSS
Exploits1
OSV
OSV
added 2016/05/20 2:59 p.m.5 views

CVE-2016-3739

The 1 mbedconnectstep1 function in lib/vtls/mbedtls.c and 2 polarsslconnectstep1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...

5.3CVSS5.3AI score0.06377EPSS
Exploits0References11
OSV
OSV
added 2015/04/24 2:59 p.m.8 views

CVE-2015-3144

The fixhostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds read or write and crash or possibly have other unspecified impact via a zero-length host name, as demonstrated by...

9CVSS6.9AI score0.11027EPSS
Exploits0References17
OSV
OSV
added 2015/04/22 8:0 a.m.11 views

CURL-CVE-2015-3148 Negotiate not treated as connection-oriented

libcurl keeps a pool of its last few connections around after use to facilitate easy, convenient and completely transparent connection reuse for applications. When doing HTTP requests Negotiate authenticated, the entire connection may become authenticated and not only the specific HTTP request...

5CVSS6.9AI score0.17942EPSS
Exploits0
OSV
OSV
added 2014/11/18 3:59 p.m.7 views

CVE-2014-3613

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1...

5CVSS6.5AI score0.07432EPSS
Exploits0References11
curl security advisories
curl security advisories
added 2014/03/26 8:0 a.m.34 views

IP address wildcard certificate validation

libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses. RFC 2818 covers the requirements for matching Common Names CNs and subjectAltNames in order to establish valid SSL connections. It first discusses CNs that are for hostnames, and the rules for wildcards in th...

5.8CVSS6.2AI score0.04888EPSS
Exploits0Affected Software2
OSV
OSV
added 2014/02/02 12:55 a.m.1 views

DEBIAN-CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request...

4CVSS7.1AI score0.05599EPSS
Exploits1References1
Rows per page
Query Builder