
6 matches found

Tenable Nessus
added 5 days ago, 6 views

Curl 7.46.0 < 8.21.0 Trailing Dot Domain Super Cookie

The version of curl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. CVE-2026-8924 Note that...

AI score: 5.9
Exploits: 0, References: 2
Tenable Nessus
added 5 days ago, 8 views

Curl 8.15.0 < 8.21.0 SASL Double-Free

The version of curl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the...

AI score: 5.8
Exploits: 0, References: 2
Tenable Nessus
added 5 days ago, 9 views

Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification

The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...

AI score: 5.9
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/17 12:0 a.m., 27 views

Curl 8.13.0 < 8.19.0 Use After Free in SMB Connection

The version of curl installed on the remote host is 8.13.0 prior to 8.19.0. It is, therefore, affected by a use after free in SMB connection vulnerability: - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00715
Exploits: 2, References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 25 views

Curl 7.76.0 < 8.12.0 Default Credential Leak (CVE-2025-0167)

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

CVSS: 3.4, AI score: 6.3, EPSS: 0.00635
Exploits: 1, References: 2
Debian
added 2000/10/13 10:26 p.m., 1 view

[SECURITY] New version of curl fixes buffer overflow (update)

Package: curl and curl-ssl. Problem type: remote exploit. Debian-specific: no. The first release of this advisory listed a wrongly compiled curl package for i386; this has been replaced with version 6.0-1.1.1. The version of curl, a tool to retrieve files using ftp, gopher or http, as distributed wi...

AI score: 6
Exploits: 0