6 matches found
Curl 7.46.0 < 8.21.0 Trailing Dot Domain Super Cookie
The version of curl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. CVE-2026-8924 Note that...
Curl 8.15.0 < 8.21.0 SASL Double-Free
The version of curl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the...
Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification
The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...
Curl 8.13.0 < 8.19.0 Use After Free in SMB Connection
The version of curl installed on the remote host is 8.13.0 prior to 8.19.0 . It is, therefore, affected by a use after free in SMB connection vulnerability: - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
Curl 7.76.0 < 8.12.0 Default Credential Leak (CVE-2025-0167)
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...
[SECURITY] New version of curl fixes buffer overflow (update)
Package : curl and curl-ssl Problem type : remote exploit Debian-specific: no The first release of this advisory listed a wrongly compiled curl package for i386; this has been replaced with version 6.0-1.1.1 . The version of curl a tool to retrieve files using ftp, gover or http as distributed wi...