CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2022-32207 – curl: Unpreserved file permissions
https://notcve.org/view.php?id=CVE-2022-32207
28 Jun 2022 — When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operación sea atómica al finalizar la oper... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions CWE-840: Business Logic Errors •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 1CVE-2022-32208 – curl: FTP-KRB bad message verification
https://notcve.org/view.php?id=CVE-2022-32208
28 Jun 2022 — When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificación de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente A vu... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-787: Out-of-bounds Write CWE-840: Business Logic Errors CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 8.1EPSS: 1%CPEs: 23EXPL: 1CVE-2022-27778
https://notcve.org/view.php?id=CVE-2022-27778
01 Jun 2022 — A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Una vulnerabilidad en el uso de nombres resueltos incorrectamente, corregida en versión 7.83.1, podía eliminar el archivo equivocado cuando es usado "--no-clobber" junto con "--remove-on-error" • https://hackerone.com/reports/1553598 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.7EPSS: 0%CPEs: 20EXPL: 1CVE-2022-27774 – curl: credential leak on redirect
https://notcve.org/view.php?id=CVE-2022-27774
01 Jun 2022 — An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. Una vulnerabilidad de credenciales insuficientemente protegidas se presenta en curl versión 4.9 a e incluyen curl versión 7.82.0 están afectados que podría permitir a un atacante para extraer cred... • https://hackerone.com/reports/1543773 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2022-27775 – curl: bad local IPv6 connection reuse
https://notcve.org/view.php?id=CVE-2022-27775
01 Jun 2022 — An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. Se presenta una vulnerabilidad de divulgación de información en curl versiones 7.65.0 a 7.82.0, son vulnerables que al usar una dirección IPv6 que estaba en el pool de conexiones pero con un id de zona diferente podría reusar una conexión en su lugar A vulnerability was found in curl. This securi... • https://hackerone.com/reports/1546268 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 1CVE-2022-27776 – curl: auth/cookie leak on redirect
https://notcve.org/view.php?id=CVE-2022-27776
01 Jun 2022 — A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Una vulnerabilidad de credenciales insuficientemente protegidas fijada en curl versión 7.83.0, podría filtrar datos de autenticación o de encabezados de cookies en redireccionamientos HTTP al mismo host pero con otro número de puerto A vulnerability was found in curl. This security flaw allows leak authentication or cookie he... • https://hackerone.com/reports/1547048 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 1CVE-2022-27779 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2022-27779
01 Jun 2022 — libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then wo... • https://hackerone.com/reports/1553301 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 1CVE-2022-30115 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2022-30115
01 Jun 2022 — Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL. usando su soporte HSTS, curl puede ser instruido para usar HTTPS directamente en lugar de usar un paso no ... • http://www.openwall.com/lists/oss-security/2022/10/26/4 • CWE-319: Cleartext Transmission of Sensitive Information CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2022-27780 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2022-27780
11 May 2022 — The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. El analizador de URLs de Curl acepta erróneamente separadores de URL codificados en porcentaje, como "/", c... • https://hackerone.com/reports/1553841 • CWE-177: Improper Handling of URL Encoding (Hex Encoding) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2022-27781 – curl: CERTINFO never-ending busy-loop
https://notcve.org/view.php?id=CVE-2022-27781
11 May 2022 — libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. libcurl proporciona la opción "CURLOPT_CERTINFO" para permitir que las aplicaciones soliciten que se devuelvan detalles sobre la cadena de certificados de un servidor. Debido a una función errónea, un servidor mali... • https://hackerone.com/reports/1555441 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •