Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libcurl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2016-1000102
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5387. Reason: This candidate is a duplicate of CVE-2016-5387. Notes: All CVE users should reference CVE-2016-5387 instead of this candidate. All references and descriptions in this candidate have been removed...
NA
CVE-2015-3236
cURL and libcurl 7.40.0 up to and including 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote malicious users to obtain sensitive in...
Haxx Curl 7.42.1
Haxx Libcurl 7.40.0
Haxx Curl 7.40.0
Haxx Curl 7.41.0
Haxx Curl 7.42.0
Haxx Libcurl 7.42.1
Haxx Libcurl 7.41.0
Haxx Libcurl 7.42.0
NA
CVE-2015-3237
The smb_request_state function in cURL and libcurl 7.40.0 up to and including 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Haxx Libcurl 7.40.0
Haxx Libcurl 7.41.0
Haxx Curl 7.40.0
Haxx Curl 7.41.0
Haxx Curl 7.42.0
Haxx Curl 7.42.1
Haxx Libcurl 7.42.0
Haxx Libcurl 7.42.1
Hp System Management Homepage
Oracle Glassfish Server 3.1.2
Oracle Enterprise Manager Ops Center 12.1.4
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.2
Oracle Glassfish Server 3.0.1
NA
CVE-2015-3153
The default configuration for cURL and libcurl prior to 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center
Haxx Libcurl
Haxx Curl
Canonical Ubuntu Linux 15.1
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Apple Mac Os X 10.10.4
Debian Debian Linux 8.0
NA
CVE-2015-3145
The sanitize_cookie_path function in cURL and libcurl 7.31.0 up to and including 7.41.0 does not properly calculate an index, which allows remote malicious users to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie pa...
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Haxx Curl 7.37.1
Haxx Curl 7.38.0
Haxx Curl 7.33.0
Haxx Curl 7.34.0
Haxx Curl 7.35.0
Haxx Curl 7.41.0
Haxx Curl 7.36.0
Haxx Curl 7.37.0
Haxx Curl 7.31.0
Haxx Curl 7.32.0
Haxx Curl 7.39.0
Haxx Curl 7.40.0
Apple Mac Os X 10.10.2
Apple Mac Os X 10.10.3
Apple Mac Os X 10.10.0
1 Github repository
NA
CVE-2015-3144
The fix_hostname function in cURL and libcurl 7.37.0 up to and including 7.41.0 does not properly calculate an index, which allows remote malicious users to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-leng...
Oracle Mysql Enterprise Monitor
Haxx Curl 7.39.0
Haxx Curl 7.40.0
Haxx Curl 7.37.0
Haxx Curl 7.41.0
Haxx Curl 7.37.1
Haxx Curl 7.38.0
Haxx Libcurl 7.40.0
Haxx Libcurl 7.41.0
Haxx Libcurl 7.37.0
Haxx Libcurl 7.37.1
Haxx Libcurl 7.38.0
Haxx Libcurl 7.39
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Debian Debian Linux 7.0
NA
CVE-2014-8151
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 up to and including 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows...
Apple Mac Os X
Haxx Libcurl 7.31.0
Haxx Libcurl 7.32.0
Haxx Libcurl 7.38.0
Haxx Libcurl 7.39
Haxx Libcurl 7.37.0
Haxx Libcurl 7.37.1
Haxx Libcurl 7.33.0
Haxx Libcurl 7.34.0
Haxx Libcurl 7.35.0
Haxx Libcurl 7.36.0
NA
CVE-2014-3620
cURL and libcurl prior to 7.38.0 allow remote malicious users to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
Haxx Curl 7.35.0
Haxx Curl 7.32.0
Haxx Curl 7.33.0
Haxx Curl 7.36.0
Haxx Curl
Haxx Curl 7.31.0
Haxx Curl 7.34.0
Haxx Curl 7.37.0
Haxx Libcurl 7.37.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.36.0
Haxx Libcurl 7.34.0
Haxx Libcurl 7.31.0
Haxx Libcurl 7.35.0
Haxx Libcurl
Haxx Libcurl 7.32.0
Apple Mac Os X
NA
CVE-2014-2522
curl and libcurl 7.27.0 up to and including 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when acces...
Haxx Libcurl 7.35.0
Haxx Libcurl 7.36.0
Haxx Libcurl 7.28.1
Haxx Libcurl 7.27.0
Haxx Curl 7.29.0
Haxx Curl 7.28.0
Haxx Libcurl 7.31.0
Haxx Libcurl 7.30.0
Haxx Curl 7.33.0
Haxx Curl 7.32.0
Haxx Libcurl 7.32.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.34.0
Haxx Curl 7.35.0
Haxx Curl 7.34.0
Haxx Curl 7.28.1
Haxx Curl 7.27.0
Haxx Libcurl 7.29.0
Haxx Libcurl 7.28.0
Haxx Curl 7.31.0
Haxx Curl 7.30.0
NA
CVE-2014-0139
cURL and libcurl 7.1 prior to 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle malicious users to spoof arbitrary SSL...
Haxx Curl 7.12.0
Haxx Curl 7.12.1
Haxx Curl 7.15.0
Haxx Curl 7.15.1
Haxx Curl 7.16.2
Haxx Curl 7.16.3
Haxx Curl 7.19.0
Haxx Curl 7.19.1
Haxx Curl 7.20.1
Haxx Curl 7.21.0
Haxx Curl 7.21.7
Haxx Curl 7.22.0
Haxx Curl 7.28.0
Haxx Curl 7.28.1
Haxx Libcurl 7.10.7
Haxx Curl 7.10.8
Haxx Curl 7.11.0
Haxx Curl 7.13.0
Haxx Curl 7.13.1
Haxx Curl 7.13.2
Haxx Curl 7.15.4
Haxx Curl 7.15.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »