14 matches found
CVE-2022-43552
A use after free vulnerability exists in curl
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed ...
CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and...
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl
CVE-2023-28322
An information disclosure vulnerability exists in curl
CVE-2023-46219
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
CVE-2023-27534
A path traversal vulnerability exists in curl
CVE-2023-28321
An improper certificate validation vulnerability exists in curl
CVE-2023-28319
A use after free vulnerability exists in curl
CVE-2023-27533
A vulnerability in input validation exists in curl
CVE-2023-28320
A denial of service vulnerability exists in curl
CVE-2020-19909
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-...