16 matches found
Astra Linux - vulnerability in curl
Due to the use of a dangling pointer, libcurl versions 7.29.0 through 7.71.1 can use the wrong connection when sending data...
libcurl 7.17.0 < 8.18.0 Security Bypass.
The version of libcurl installed on the remote host is missing a security update. It is, therefore, affected by a security bypass vulnerability in multi-threaded LDAPS transfers. - When performing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread could...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2019-5435)
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2020-8286)
The libcurl library versions 7.41.0 to and including 7.73.0 are vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. This vulnerability could allow an attacker to pass a revoked certificate as valid. This plugin only works with...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-5436)
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EUVD-2010-0760
Malware in sbrugna...
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
The Curl library had a security vulnerability where the certificate name check was bypassed when connecting to a host via its IP address. This could have potentially introduced spoofing attacks or unauthorized access due to an unverified server certificate. The issue affected Curl with MbedTLS from...
Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows - CVE-2023-38545 (CVSS score: 7.5) - SOCKS5 heap-based...
SUSE CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...
UBUNTU-CVE-2021-22945
When sending data to an MQTT server, libcurl = 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again...
curl: Integer overflows in curl_url_set() function
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...
ALPINE-CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1...
UBUNTU-CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1...
CVE-2015-3237
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values...
CVE-2015-3148
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request...
curl: re-use of wrong HTTP NTLM connection in libcurl
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request...