Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libcurl vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-3236
cURL and libcurl 7.40.0 up to and including 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote malicious users to obtain sensitive in...
Haxx Curl 7.42.1
Haxx Libcurl 7.40.0
Haxx Curl 7.40.0
Haxx Curl 7.41.0
Haxx Curl 7.42.0
Haxx Libcurl 7.42.1
Haxx Libcurl 7.41.0
Haxx Libcurl 7.42.0
5
CVSSv2
CVE-2015-3153
The default configuration for cURL and libcurl prior to 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center
Haxx Libcurl
Haxx Curl
Canonical Ubuntu Linux 15.1
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Apple Mac Os X 10.10.4
Debian Debian Linux 8.0
5
CVSSv2
CVE-2014-3620
cURL and libcurl prior to 7.38.0 allow remote malicious users to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
Haxx Curl 7.35.0
Haxx Curl 7.32.0
Haxx Curl 7.33.0
Haxx Curl 7.36.0
Haxx Curl
Haxx Curl 7.31.0
Haxx Curl 7.34.0
Haxx Curl 7.37.0
Haxx Libcurl 7.37.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.36.0
Haxx Libcurl 7.34.0
Haxx Libcurl 7.31.0
Haxx Libcurl 7.35.0
Haxx Libcurl
Haxx Libcurl 7.32.0
Apple Mac Os X
5
CVSSv2
CVE-2007-4850
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent malicious users to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-...
Php Php 5.2.4
Php Php 5.2.5
1 EDB exploit
4.6
CVSSv2
CVE-2020-8177
curl 7.20.0 up to and including 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Haxx Curl
Debian Debian Linux 10.0
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Fujitsu M12-1 Firmware
Fujitsu M12-2 Firmware
Fujitsu M12-2s Firmware
Siemens Sinec Infrastructure Network Services
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
4.6
CVSSv2
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 up to and including 7.64.1.
Haxx Libcurl
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Debian Debian Linux 10.0
F5 Traffix Signaling Delivery Controller
Netapp Steelstore Cloud Integrated Storage -
Netapp Solidfire -
Netapp Hci Management Node -
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Mysql Server
Oracle Oss Support Tools 20.0
4.6
CVSSv2
CVE-2017-7836
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requir...
Mozilla Firefox
4.6
CVSSv2
CVE-2005-4077
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 up to and including 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating...
Daniel Stenberg Curl 7.13
Daniel Stenberg Curl 7.13.1
Daniel Stenberg Curl 7.11.2
Daniel Stenberg Curl 7.13.2
Daniel Stenberg Curl 7.14
Daniel Stenberg Curl 7.12.2
Daniel Stenberg Curl 7.12.3
Daniel Stenberg Curl 7.12
Daniel Stenberg Curl 7.12.1
Daniel Stenberg Curl 7.14.1
Daniel Stenberg Curl 7.15
4.3
CVSSv2
CVE-2021-22947
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of ca...
Haxx Curl
Fedoraproject Fedora 33
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp Solidfire Baseboard Management Controller Firmware -
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Server
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
2 Github repositories
1 Article
4.3
CVSSv2
CVE-2021-22922
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different...
Haxx Curl
Fedoraproject Fedora 33
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Oracle Mysql Server
Siemens Sinec Infrastructure Network Services
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »