Lucene search
+L

207 matches found

NVD
NVD
added 2022/06/02 2:15 p.m.25 views

CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.5CVSS0.02187EPSS
Exploits1References3
Prion
Prion
added 2022/06/02 2:15 p.m.33 views

Design/Logic Flaw

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

5CVSS7.2AI score0.02187EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2022/06/01 12:0 a.m.61 views

CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.5CVSS6.3AI score0.02187EPSS
Exploits1
Cvelist
Cvelist
added 2022/06/01 12:0 a.m.30 views

CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.7AI score0.02187EPSS
Exploits1References3
OSV
OSV
added 2022/06/01 12:0 a.m.39 views

CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

5.3CVSS0.7AI score0.02187EPSS
Exploits1References5
CVE
CVE
added 2022/06/01 12:0 a.m.354 views

CVE-2022-27780

CVE-2022-27780 affects curl: the URL parser can wrongly decode percent-encoded separators in the host portion, causing a URL like http://example.com%2F127.0.0.1/ to be interpreted as http://example.com/127.0.0.1/, potentially bypassing filters. Affected software is curl (core library). The flaw’s...

7.5CVSS7.2AI score0.02187EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2022/06/01 12:0 a.m.54 views

CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.5CVSS7.5AI score0.02187EPSS
Exploits1
Veracode
Veracode
added 2022/05/14 11:45 p.m.31 views

Cross-site Scripting (XSS)

curl is vulnerable to cross-site scripting. The vulnerability exists due to the curl URL parser wrongly accepts percent-encoded URL separators like / when decoding the host name part of a URL which allows an attacker to inject and execute arbitrary javascript...

7.5CVSS7.6AI score0.02187EPSS
Exploits1References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/05/13 12:0 a.m.59 views

FreeBSD : curl -- Multiple vulnerabilities (11e36890-d28c-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 11e36890-d28c-11ec-a06f-d4c9ef517024 advisory. - Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an...

8.1CVSS6.7AI score0.03453EPSS
Exploits6References8
OSV
OSV
added 2022/05/11 8:0 a.m.9 views

CURL-CVE-2022-27780 percent-encoded path separator in URL host

The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved. For example, a URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get...

7.5CVSS7.3AI score0.02187EPSS
Exploits1
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.4 views

curl 代码问题漏洞

curl is a tool used to transfer data from or to a server. A code issue vulnerability exists in curl, which arises from the URL parser incorrectly accepting percentage-encoded URL separators when decoding the hostname portion of a URL...

7.5CVSS6.9AI score0.02187EPSS
Exploits1References15
UbuntuCve
UbuntuCve
added 2022/05/11 12:0 a.m.48 views

CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.5CVSS6.8AI score0.02187EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/05/11 12:0 a.m.45 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-131-01)

The version of curl installed on the remote host is prior to 7.83.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-131-01 advisory. - libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have...

8.1CVSS6.8AI score0.03453EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2022/05/11 12:0 a.m.63 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5412-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5412-1 advisory. Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this iss...

7.5CVSS6.7AI score0.02596EPSS
Exploits3References4
Github Security Blog
Github Security Blog
added 2022/02/22 12:0 a.m.45 views

url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.

Leading control characters in a URL are not stripped when passed into url-parse. This can cause input URLs to be mistakenly be interpreted as a relative URL without a hostname and protocol, while the WHATWG URL parser will trim control characters and treat it as an absolute URL. If url-parse is...

9.8CVSS8.1AI score0.0222EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2021/12/30 12:0 a.m.3 views

Netgear RAX43 缓冲区错误漏洞

The Netgear RAX43 is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...

8.8CVSS6AI score0.02195EPSS
Exploits0References3
OSV
OSV
added 2021/12/18 11:6 a.m.8 views

OPENSUSE-SU-2021:1592-1 Security update for nim

This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712 This update was imported from the openSUSE:Leap:15.2:Update update project...

9.3AI score
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/12/18 12:0 a.m.33 views

Security update for nim (moderate)

openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2021:1592-1 Rating: moderate References: 1192712 Cross-References: CVE-2021-41259 CVSS scores: CVE-2021-41259 NVD : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: openSUSE Backports SLE-15-SP2 An...

9.2AI score
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2021/12/15 12:0 a.m.32 views

Security update for nim (moderate)

openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2021:1585-1 Rating: moderate References: 1192712 Cross-References: CVE-2021-41259 CVSS scores: CVE-2021-41259 NVD : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: openSUSE Leap 15.2 An update that...

9.2AI score
Exploits0References1
OSV
OSV
added 2021/12/14 11:6 p.m.8 views

OPENSUSE-SU-2021:1585-1 Security update for nim

This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712...

9.3AI score
Exploits0References3
Rows per page
Query Builder