10 matches found
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the curleasycleanup process after configuring an HTTP/2 stream-dependency tree using CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE and invoking curleasyreset. An attacker can cause the application to access freed memor...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of an upper bound on memory allocation for unacknowledged WebSocket PING frames. An attacker can cause memory exhaustion by sending a rapid sequence of PING messages from a malicious server. Details...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the Authorization header handling process. An attacker can cause sensitive authentication information to be sent to an unintended origin by reusing a handle for transfers to different HTTP origins...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the udpreceive process. An attacker can cause the client to enter a busy-loop and become unresponsive by continuously sending zero-length UDP datagrams from a malicious HTTP/3 server. Remediation Upgrade libcurl to...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the cookie parsing process. An attacker can cause unauthorized cookies to be set and transmitted to unrelated third-party domains by crafting HTTP responses that exploit improper doma...
Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to incomplete matching of mTLS configuration options during connection reuse in the connection process. An attacker can cause connections to be reused with incorrect client certificate...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CURLOPTSSHKEYFUNCTION process. An attacker can intercept or manipulate data by presenting a server host key type that does not match the recorded key type in the knownhosts file, which is improperl...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the process responsible for clearing proxy authentication credentials. An attacker can gain unauthorized access to sensitive proxy credentials by leveraging subsequent transfers that reuse stale authentication...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the OCSP stapling process with Apple SecTrust. An attacker can cause the client to accept invalid or revoked server certificates by exploiting the failure to properly detect OCSP response problems. Not...
[R2] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2
R2 Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 Arnie Cabral Tue, 02/17/2026 - 08:32 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...