Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
curl vulnerabilities and exploits
(subscribe to this query)
606
VMScore
CVE-2016-9586
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it coul...
Haxx Curl
606
VMScore
CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Haxx Curl
445
VMScore
CVE-2016-0754
cURL prior to 7.47.0 on Windows allows malicious users to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
Haxx Curl
NA
CVE-2020-19909
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, fo...
Haxx Curl 7.65.2
NA
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
Haxx Curl 8.5.0
1 Github repository
NA
CVE-2023-46219
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
Haxx Curl
Fedoraproject Fedora 38
1 Github repository
NA
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It coul...
Haxx Curl
Fedoraproject Fedora 39
570
VMScore
CVE-2015-3237
The smb_request_state function in cURL and libcurl 7.40.0 up to and including 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
Haxx Curl 7.40.0
Haxx Libcurl 7.40.0
Haxx Curl 7.42.0
Haxx Libcurl 7.42.1
Haxx Libcurl 7.41.0
Haxx Curl 7.42.1
Haxx Curl 7.41.0
Haxx Libcurl 7.42.0
Hp System Management Homepage
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Glassfish Server 3.1.2
Oracle Enterprise Manager Ops Center 12.3.2
Oracle Glassfish Server 3.0.1
Oracle Enterprise Manager Ops Center 12.1.4
454
VMScore
CVE-2005-0490
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Cu...
Haxx Curl 7.12.1
Haxx Libcurl 7.12.1
NA
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl...
Haxx Curl
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »