Vulmon
libcurl vulnerabilities and exploits
7.5
CVSSv2
CVE-2017-8818
curl and libcurl prior to 7.57.0 on 32-bit platforms allow malicious users to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.
Haxx Curl 7.56.1
Haxx Libcurl 7.56.0
Haxx Libcurl 7.56.1
Haxx Curl 7.56.0
7.5
CVSSv2
CVE-2015-3145
The sanitize_cookie_path function in cURL and libcurl 7.31.0 up to and including 7.41.0 does not properly calculate an index, which allows remote malicious users to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie pa...
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Haxx Curl 7.37.1
Haxx Curl 7.38.0
Haxx Curl 7.33.0
Haxx Curl 7.34.0
Haxx Curl 7.35.0
Haxx Curl 7.41.0
Haxx Curl 7.36.0
Haxx Curl 7.37.0
Haxx Curl 7.31.0
Haxx Curl 7.32.0
Haxx Curl 7.39.0
Haxx Curl 7.40.0
Apple Mac Os X 10.10.2
Apple Mac Os X 10.10.3
Apple Mac Os X 10.10.0
1 Github repository
7.5
CVSSv2
CVE-2013-0249
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 up to and including 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote malicious users to cause a denial of service (crash) and possib...
Haxx Curl 7.26.0
Haxx Libcurl 7.26.0
Haxx Curl 7.28.1
Haxx Libcurl 7.28.1
Haxx Curl 7.27.0
Haxx Libcurl 7.27.0
Haxx Curl 7.28.0
Haxx Libcurl 7.28.0
Canonical Ubuntu Linux 12.10
1 EDB exploit
7.5
CVSSv2
CVE-2012-0036
curl and libcurl 7.2x prior to 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote malicious users to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) P...
Curl Curl 7.21.1
Curl Curl 7.21.2
Curl Curl 7.23.0
Curl Curl 7.23.1
Curl Curl 7.20.1
Curl Curl 7.21.0
Curl Curl 7.21.7
Curl Curl 7.22.0
Curl Curl 7.21.3
Curl Curl 7.21.4
Curl Curl 7.20.0
Curl Curl 7.21.5
Curl Curl 7.21.6
Curl Libcurl 7.21.3
Curl Libcurl 7.21.4
Curl Libcurl 7.21.1
Curl Libcurl 7.21.2
Curl Libcurl 7.23.1
Curl Libcurl 7.20.0
Curl Libcurl 7.21.5
Curl Libcurl 7.21.6
Curl Libcurl 7.21.7
7.5
CVSSv2
CVE-2009-2417
lib/ssluse.c in cURL and libcurl 7.4 up to and including 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoo...
Curl Libcurl 7.4
Curl Libcurl 7.4.1
Curl Libcurl 7.7
Curl Libcurl 7.7.1
Curl Libcurl 7.7.2
Curl Libcurl 7.9.3
Curl Libcurl 7.9.5
Curl Libcurl 7.10.3
Curl Libcurl 7.10.4
Curl Libcurl 7.12.0
Curl Libcurl 7.17.0
Curl Libcurl 7.19.2
Curl Libcurl 7.19.3
Curl Libcurl 7.13.1
Curl Libcurl 7.12.3
Libcurl Libcurl 7.15.1
Libcurl Libcurl 7.14
Curl Libcurl 7.15.3
Libcurl Libcurl 7.13
Curl Libcurl 7.4.2
Curl Libcurl 7.5
Curl Libcurl 7.7.3
7.5
CVSSv2
CVE-2007-3564
libcurl 7.14.0 up to and including 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote malicious users to bypass certain access restrictions.
Libcurl Libcurl 7.15.2
Libcurl Libcurl 7.15.3
Libcurl Libcurl 7.15
Libcurl Libcurl 7.15.1
Libcurl Libcurl 7.16.3
Libcurl Libcurl 7.14
Libcurl Libcurl 7.14.1
7.5
CVSSv2
CVE-2006-1061
Heap-based buffer overflow in cURL and libcURL 7.15.0 up to and including 7.15.2 allows remote malicious users to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
Daniel Stenberg Curl 7.15.1
Daniel Stenberg Curl 7.15.2
Daniel Stenberg Curl 7.15.0
7.5
CVSSv2
CVE-2005-3185
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
Libcurl Libcurl 7.13.2
Wget Wget 1.10
Curl Curl 7.13.2
6.9
CVSSv2
CVE-2016-4802
Multiple untrusted search path vulnerabilities in cURL and libcurl prior to 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in ...
Haxx Curl
1 Github repository
6.8
CVSSv2
CVE-2021-22901
curl 7.75.0 up to and including 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote c...
Haxx Curl
Oracle Mysql Server
Oracle Essbase
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Solidfire & Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Solidfire Baseboard Management Controller Firmware -
Netapp Solidfire, Enterprise Sds & Hci Storage Node -
Netapp Hci Compute Node Firmware -
Netapp H300e Firmware -
Netapp H300s Firmware -
Netapp H410s Firmware -
Netapp H500e Firmware -