Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libcurl vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Haxx Curl
6.8
CVSSv2
CVE-2016-9952
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 up to and including 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote malicious users to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server ce...
Haxx Curl
1 Github repository
6.8
CVSSv2
CVE-2016-1840
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 prior to 2.9.4, as used in Apple iOS prior to 9.3.2, OS X prior to 10.11.5, tvOS prior to 9.2.1, and watchOS prior to 2.2.1, allows remote malicious users to execute arbitrary code or cause a denial of s...
Debian Debian Linux 8.0
Apple Iphone Os
Apple Mac Os X
Apple Tvos
Apple Watchos
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
6.8
CVSSv2
CVE-2013-2174
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 up to and including 7.30.0 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a &quo...
Haxx Curl 7.7
Haxx Curl 7.9.3
Haxx Curl 7.9.2
Haxx Curl 7.10.1
Haxx Curl 7.7.3
Haxx Curl 7.8
Haxx Curl 7.9.7
Haxx Curl 7.9.6
Haxx Curl 7.10.5
Haxx Curl 7.10.8
Haxx Curl 7.12.1
Haxx Curl 7.12.2
Haxx Curl 7.12.3
Haxx Curl 7.15.1
Haxx Curl 7.15.2
Haxx Curl 7.16.1
Haxx Curl 7.16.0
Haxx Curl 7.19.6
Haxx Curl 7.19.7
Haxx Curl 7.21.6
Haxx Curl 7.21.7
Haxx Curl 7.22.0
6.8
CVSSv2
CVE-2010-0734
content_encoding.c in libcurl 7.10.5 up to and including 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote malicious users to cause a denial of service (appli...
Curl Libcurl 7.10.8
Curl Libcurl 7.11.0
Curl Libcurl 7.12.3
Curl Libcurl 7.13
Curl Libcurl 7.15.2
Curl Libcurl 7.15.3
Curl Libcurl 7.19.1
Curl Libcurl 7.19.2
Curl Libcurl 7.10.5
Curl Libcurl 7.10.6
Curl Libcurl 7.10.7
Curl Libcurl 7.12.1
Curl Libcurl 7.12.2
Curl Libcurl 7.15
Curl Libcurl 7.15.1
Curl Libcurl 7.18.2
Curl Libcurl 7.19.0
Curl Libcurl 7.19.7
Curl Libcurl 7.12
Curl Libcurl 7.12.0
Curl Libcurl 7.14
Curl Libcurl 7.14.1
6.8
CVSSv2
CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 up to and including 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary...
Curl Curl 6.3.1
Curl Curl 6.4
Curl Curl 7.2
Curl Curl 7.3
Curl Curl 7.6
Curl Curl 7.6.1
Curl Curl 7.8.1
Curl Curl 7.8.2
Curl Curl 7.9.6
Curl Curl 7.9.7
Curl Curl 7.10.5
Curl Curl 7.10.6
Curl Curl 7.13.2
Curl Curl 7.14
Curl Curl 7.19.3
Curl Libcurl 7.12
Curl Libcurl 7.14.1
Curl Libcurl 7.15
Curl Libcurl 7.15.1
Curl Curl 6.5
Curl Curl 6.5.1
Curl Curl 7.4
1 EDB exploit
1 Github repository
6.5
CVSSv2
CVE-2016-1000104
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Apache Mod Fcgid
Opensuse Leap 42.1
Opensuse Opensuse 13.2
6.4
CVSSv2
CVE-2018-16842
Curl versions 7.14.1 up to and including 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Haxx Curl
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.4
CVSSv2
CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The pr...
Haxx Libcurl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
1 Article
6.4
CVSSv2
CVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL prior to 1.0.1t and 1.0.2 prior to 1.0.2h allows remote malicious users to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2g
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl
Openssl Openssl 1.0.2f
Openssl Openssl 1.0.2d
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »