CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27782 – curl: TLS and SSH connection too eager reuse
https://notcve.org/view.php?id=CVE-2022-27782
11 May 2022 — libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. libcurl reusaba una conexión creada previamente incluso cuando había sido cambiada una opción relacionada con TLS o SSH que d... • http://www.openwall.com/lists/oss-security/2023/03/20/6 • CWE-295: Improper Certificate Validation CWE-840: Business Logic Errors •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 1CVE-2022-22576 – curl: OAUTH2 bearer bypass in connection re-use
https://notcve.org/view.php?id=CVE-2022-22576
29 Apr 2022 — An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). Se presenta una vulnerabilidad de autenticación inapropiada en curl versiones 7.33.0 hasta 7.82.0 incluyéndola, que podría permitir reúso de conexiones aute... • https://hackerone.com/reports/1526328 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-31566 – libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive
https://notcve.org/view.php?id=CVE-2021-31566
15 Mar 2022 — An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. Un fallo de resolución de enlaces inapropiado puede ocurrir mientras es extraído un archivo que conlleva a un cambio de modos, tiempos, listas ... • https://access.redhat.com/security/cve/CVE-2021-31566 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 1CVE-2021-22947 – curl: Server responses received before STARTTLS processed after TLS handshake
https://notcve.org/view.php?id=CVE-2021-22947
15 Sep 2021 — When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-thro... • http://seclists.org/fulldisclosure/2022/Mar/29 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 1CVE-2021-22945 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2021-22945
15 Sep 2021 — When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. Cuando se envían datos a un servidor MQTT, libcurl versiones anteriores a 7.73.0, incluyéndola y 7.78.0, podría en algunas circunstancias, mantener erróneamente un puntero a un área de memoria ya liberada y usarlo de nuevo en una llamada posterior para enviar datos y también... • http://seclists.org/fulldisclosure/2022/Mar/29 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 1CVE-2021-22946 – curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
https://notcve.org/view.php?id=CVE-2021-22946
15 Sep 2021 — A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitiv... • http://seclists.org/fulldisclosure/2022/Mar/29 • CWE-319: Cleartext Transmission of Sensitive Information CWE-325: Missing Cryptographic Step •
CVSS: 5.7EPSS: 0%CPEs: 26EXPL: 1CVE-2021-22923 – curl: Metalink download sends credentials
https://notcve.org/view.php?id=CVE-2021-22923
05 Aug 2021 — When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. Cuando es instruido a curl de obtener contenidos usando la funcionalidad metalink, y se usan un nombre de usuario y una contras... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 1CVE-2021-22926 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2021-22926
05 Aug 2021 — libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users ... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-295: Improper Certificate Validation CWE-840: Business Logic Errors •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 1CVE-2021-22922 – curl: Content not matching hash in Metalink is not being discarded
https://notcve.org/view.php?id=CVE-2021-22922
05 Aug 2021 — When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replace... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions CWE-840: Business Logic Errors •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-30560 – Gentoo Linux Security Advisory 202310-23
https://notcve.org/view.php?id=CVE-2021-30560
22 Jul 2021 — Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink XSLT en Google Chrome versiones anteriores a 91.0.4472.164, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Nicolas Gregoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose s... • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html • CWE-416: Use After Free •