Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
curl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32221
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This f...
Haxx Curl
Netapp Clustered Data Ontap -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
1 Github repository
NA
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of a...
Haxx Curl
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp Clustered Data Ontap -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5
CVSSv2
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allo...
Haxx Curl
Netapp Hci Bootstrap Os -
Netapp Clustered Data Ontap -
Netapp Solidfire \\& Hci Management Node -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp H410s Firmware -
Netapp H700s Firmware -
Netapp H500s Firmware -
Netapp H300s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
4
CVSSv2
CVE-2022-30115
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the ...
Haxx Curl
Netapp Hci Bootstrap Os -
Netapp Clustered Data Ontap -
Netapp Solidfire \\& Hci Management Node -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
4.6
CVSSv2
CVE-2020-8177
curl 7.20.0 up to and including 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Haxx Curl
Debian Debian Linux 10.0
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Fujitsu M12-1 Firmware
Fujitsu M12-2 Firmware
Fujitsu M12-2s Firmware
Siemens Sinec Infrastructure Network Services
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
NA
CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Haxx Curl
Netapp Element Software -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Bootstrap Os -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
Debian Debian Linux 10.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5
CVSSv2
CVE-2022-27779
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awa...
Haxx Curl
Netapp Hci Bootstrap Os -
Netapp Clustered Data Ontap -
Netapp Solidfire \\& Hci Management Node -
Netapp Hci Compute Node -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp H410s Firmware -
Netapp H700s Firmware -
Netapp H500s Firmware -
Netapp H300s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5
CVSSv2
CVE-2022-27775
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
Haxx Curl
Debian Debian Linux 11.0
Netapp Hci Bootstrap Os -
Netapp Clustered Data Ontap -
Netapp Solidfire \\& Hci Management Node -
Netapp Solidfire \\& Hci Storage Node -
Brocade Fabric Operating System -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv2
CVE-2022-32207
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the t...
Haxx Curl
Fedoraproject Fedora 35
Debian Debian Linux 11.0
Netapp Element Software -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Bootstrap Os -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
NA
CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless...
Haxx Curl
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 23h2
Microsoft Windows 10 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »