Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
curl vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2023-38546
This flaw allows an malicious user to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single tran...
Haxx Libcurl
2 Articles
4.2
CVSSv3
CVE-2023-45803
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) t...
Python Urllib3
Fedoraproject Fedora 38
7.8
CVSSv3
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 (and previous versions) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.
Dell Smartfabric Storage Software
9.8
CVSSv3
CVE-2023-33270
An issue exists in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).
Dts Monitoring 3.57.0
7.5
CVSSv3
CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless...
Haxx Curl
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 23h2
Microsoft Windows 10 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
3.3
CVSSv3
CVE-2020-19909
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, fo...
Haxx Curl 7.65.2
NA
CVE-2023-32001
Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for.
8.2
CVSSv3
CVE-2023-35934
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent ...
Yt-dlp Project Yt-dlp
Youtube-dlc Project Youtube-dlc
Yt-dl Youtube-dl
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.5
CVSSv3
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and previous versions unsupported versions.
Moodle Moodle 4.2.0
Moodle Moodle
6.5
CVSSv3
CVE-2023-23597
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary fi...
Mozilla Firefox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »