CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2011-3389 – HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
https://notcve.org/view.php?id=CVE-2011-3389
06 Sep 2011 — The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClie... • https://github.com/mpgn/BEAST-PoC • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3842
https://notcve.org/view.php?id=CVE-2010-3842
27 Oct 2010 — Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. Vulnerabilidad de salto de directorio absoluto en curl v7.20.0 hasta v7.21.1, cuando se utiliza la opción --remote-header-name o -J, permite a los servidores remotos crear o sobreescribir archivos arbitrarios mediante el uso de \... • http://curl.haxx.se/docs/adv_20101013.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 80EXPL: 2CVE-2009-0037 – cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
https://notcve.org/view.php?id=CVE-2009-0037
05 Mar 2009 — The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. La implementación de redirección en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de locali... • https://www.exploit-db.com/exploits/32834 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 0CVE-2006-1061
https://notcve.org/view.php?id=CVE-2006-1061
21 Mar 2006 — Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. • http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2005-4077
https://notcve.org/view.php?id=CVE-2005-4077
08 Dec 2005 — Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2005-3185
https://notcve.org/view.php?id=CVE-2005-3185
13 Oct 2005 — Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 0CVE-2005-0490
https://notcve.org/view.php?id=CVE-2005-0490
21 Feb 2005 — Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 10.0EPSS: 7%CPEs: 14EXPL: 3CVE-2000-0973 – cURL 6.1 < 7.4 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0973
19 Dec 2000 — Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated. • https://www.exploit-db.com/exploits/20292 •