CVSS: 5.7EPSS: 0%CPEs: 26EXPL: 1CVE-2021-22923 – curl: Metalink download sends credentials
https://notcve.org/view.php?id=CVE-2021-22923
05 Aug 2021 — When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. Cuando es instruido a curl de obtener contenidos usando la funcionalidad metalink, y se usan un nombre de usuario y una contras... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 45EXPL: 1CVE-2021-22925 – curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure
https://notcve.org/view.php?id=CVE-2021-22925
22 Jul 2021 — curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly when... • http://seclists.org/fulldisclosure/2021/Sep/39 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 3.1EPSS: 0%CPEs: 18EXPL: 2CVE-2021-22898 – curl: TELNET stack contents disclosure
https://notcve.org/view.php?id=CVE-2021-22898
26 May 2021 — curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl versiones 7.7 hasta 7.76.1 suf... • http://www.openwall.com/lists/oss-security/2021/07/21/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0CVE-2020-8284 – curl: FTP PASV command response can cause curl to connect to arbitrary host
https://notcve.org/view.php?id=CVE-2020-8284
09 Dec 2020 — A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. Un servidor malicioso puede usar la respuesta FTP PASV para engañar a curl versiones 7.73.0 y anteriores, para que se conecte de nuevo a una dirección IP y puerto determinados, y de esta manera pot... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1CVE-2020-8177 – curl: Incorrect argument check can allow remote servers to overwrite local files
https://notcve.org/view.php?id=CVE-2020-8177
24 Jun 2020 — curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. curl versiones 7.20.0 hasta 7.70.0, es vulnerable a una restricción inapropiada de nombres para archivos y otros recursos que pueden conllevar a sobrescribir demasiado un archivo local cuando el flag -J es usado A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Request... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4606
https://notcve.org/view.php?id=CVE-2016-4606
21 Feb 2020 — Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Curl versiones anteriores a 7.49.1, en Apple OS X macOS Sierra versiones anteriores a 10.12, permite a atacantes remotos o locales ejecutar código arbitrario, conseguir información confidencial, causar condición de denegación... • http://www.securityfocus.com/bid/93055 •
CVSS: 9.8EPSS: 5%CPEs: 30EXPL: 0CVE-2019-5482 – curl: heap buffer overflow in function tftp_receive_packet()
https://notcve.org/view.php?id=CVE-2019-5482
11 Sep 2019 — Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Un desbordamiento del búfer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3. Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-5443
https://notcve.org/view.php?id=CVE-2019-5443
02 Jul 2019 — A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. Un usuario o programa no privilegiado puede colocar un código y un archivo de configuración en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que hará que curl anterior a versión 7.65.1 incluyéndola, ejecute a... • http://www.openwall.com/lists/oss-security/2019/06/24/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •
CVSS: 9.1EPSS: 1%CPEs: 8EXPL: 0CVE-2018-16842 – curl: Heap-based buffer over-read in the curl tool warning formatting
https://notcve.org/view.php?id=CVE-2018-16842
31 Oct 2018 — Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Curl, desde la versión 7.14.1 hasta la 7.61.1, es vulnerable a una sobrelectura de búfer basada en memoria dinámica (heap) en la función tool_msgs.c:voutf() que podría resultar en una exposición de información y una denegación de servicio (DoS). Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remo... • http://www.securitytracker.com/id/1042014 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2018-1000301 – curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service
https://notcve.org/view.php?id=CVE-2018-1000301
16 May 2018 — curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. curl en su versión 7.20.0 hasta la 7.59.0 contiene una vulnerabilidad CWE-126: sobrelectura de búfer y denegación de servicio (DoS) que puede resultar en que se puede e... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-125: Out-of-bounds Read •