11 matches found
EUVD-2004-1389
Malware in sbrugna...
EUVD-2023-32028
Malicious code in bioql PyPI...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2025-1043)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1043 advisory. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications...
curl: Use after free (read) in curl_multi_perform with DoH and Proxy options, and resolve timeouts
Summary: summary of the vulnerability. There is a use after free in curl_multi_perform when DoH resolver timeouts and CURLOPT_PROXY is used (see reproducer and stack trace). I found it via fuzzing with https://github.com/catenacyber/curl-fuzzer/tree/proxy after fixing a small memory leak in curl. Another...
Linux Distros Unpatched Vulnerability : CVE-2016-8625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue...
PT-2024-9765 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A flaw was found in the cURL wrapper in Moodle, which strips HTTPAUTH and USERPWD headers during emulated redirects but retains other original request headers. This could lead to HTTP...
AZL-26809 CVE-2023-28320 affecting package mysql for versions less than 8.0.34-1
A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...
AZL-34616 CVE-2022-43551 affecting package cmake for versions less than 3.21.4-10
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as the Copy as cURL feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website...
PHP 5.2.9 cURL - Safe_mode open_basedir Restriction Bypass
PHP 5.2.9 cURL - Safe_mode open_basedir Restriction Bypass. Source: https://www.securityfocus.com/bid/34475/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access files in unauthorized locations. This vulnerability...
USN-66-2: PHP vulnerability
Ubuntu Security Notice USN-66-1 described a circumvention of the "open_basedir" restriction by using the cURL module. Adam Conrad discovered that the fix from USN-66-1 still allowed to bypass this restriction with certain variants of path specifications. In addition this update fixes the crash of...