pkg:Debian/curl
共 246 筆 CVECRITICAL46HIGH67MEDIUM62LOW20
✅ 檢查你的版本
所有已知漏洞
- from 0, < 7.74.0-1.3+deb11u10
- from 0, < 7.74.0-1.3+deb11u10
- from 0, < 7.74.0-1.3+deb11u5
- from 0, < 7.74.0-1.3+deb11u5
- CRITICAL9.8CVE-2022-32207When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a re…from 0, < 7.74.0-1.3+deb11u2
- from 0, < 7.26.0-1+wheezy25
- from 0, < 7.38.0-4+deb8u10
- from 0, < 7.60.0-1
- from 0, < 7.66.0-1
- from 0, < 7.38.0-4+deb8u16
- from 0, < 7.66.0-1
- from 0, < 7.52.1-5+deb9u10
- CRITICAL9.8CVE-2019-3822libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.from 0, < 7.64.0-1
- CRITICAL9.8CVE-2018-16840A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle.from 0, < 7.62.0-1
- from 0, < 7.62.0-1
- from 0, < 7.52.1-5+deb9u8
- from 0, < 7.38.0-4+deb8u12
- from 0, < 7.52.1-5+deb9u7
- from 0, < 7.62.0-1
- CRITICAL9.8CVE-2016-8620The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled i…from 0, < 7.51.0-1
- CRITICAL9.8CVE-2016-8619The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.from 0, < 7.51.0-1
- CRITICAL9.8CVE-2016-8622The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`.from 0, < 7.51.0-1
- CRITICAL9.8CVE-2016-8618The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` m…from 0, < 7.51.0-1
- CRITICAL9.8CVE-2018-0500Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable b…from 0, < 7.61.0-1
- CRITICAL9.8CVE-2018-1000300curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and…from 0, < 7.60.0-1
- from 0, < 7.58.0-1
- from 0, < 7.38.0-4+deb8u9
- from 0, < 7.26.0-1+wheezy24
- CRITICAL9.8CVE-2017-8818curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash…from 0, < 7.57.0-1
- from 0, < 7.26.0-1+wheezy23
- from 0, < 7.57.0-1
- from 0, < 7.38.0-4+deb8u8
- from 0, < 7.57.0-1
- from 0, < 7.51.0-1
- from 0, < 7.26.0-1+wheezy16
- CRITICAL9.1CVE-2023-23914A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multi…from 0
- CRITICAL9.1CVE-2021-22945When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already free…from 0, < 7.74.0-1.3+deb11u2
- CRITICAL9.1CVE-2018-16842Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in…from 0, < 7.62.0-1
- from 0, < 7.38.0-4+deb8u11
- from 0, < 7.26.0-1+wheezy25+deb7u1
- from 0, < 7.60.0-1
- CRITICAL9.1CVE-2018-1000122A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a deni…from 0, < 7.60.0-1
- CRITICAL9.1CVE-2018-1000005libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers.from 0, < 7.58.0-1
- from 0, < 7.26.0-1+wheezy22
- from 0, < 7.38.0-4+deb8u7
- from 0, < 7.56.1-1
- from 0, < 7.64.0-4+deb10u9
- from 0, < 7.74.0-1.3+deb11u8
- from 0, < 7.74.0-1.3+deb11u8
- from 0, < 7.64.0-4+deb10u6
- HIGH8.8CVE-2005-0490Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execut…from 0, < 7.13.0-2
- HIGH8.6CVE-2024-2398When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maxim…from 0, < 7.74.0-1.3+deb11u12
- from 0, < 7.86.0-1
- HIGH8.1CVE-2022-27778A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--r…from 0, < 7.83.1-1
- HIGH8.1CVE-2022-22576An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connect…from 0, < 7.74.0-1.3+deb11u2
- from 0, < 7.52.1-1
- from 0, < 7.26.0-1+wheezy18
- HIGH8.1CVE-2016-5421Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified oth…from 0, < 7.50.1-1
- from 0, < 7.52.1-5+deb9u11
- from 0, < 7.72.0-1
- from 0, < 7.38.0-4+deb8u15
- from 0, < 7.64.0-4
- HIGH7.5CVE-2026-6276Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy…from 0
- HIGH7.5CVE-2026-5773libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.from 0
- HIGH7.5CVE-2026-3805When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.from 0
- from 0, < 8.14.1-2+deb13u1
- from 0, < 7.74.0-1.3+deb11u16
- HIGH7.5CVE-2025-5399Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in…from 0, < 8.14.1-1
- HIGH7.5CVE-2024-6197libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string.from 0, < 8.9.0-1
- HIGH7.5CVE-2023-38039When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API.from 0, < 7.88.1-10+deb12u3
- HIGH7.5CVE-2023-28319A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA…from 0, < 7.88.1-10
- HIGH7.5CVE-2022-43551A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.from 0
- HIGH7.5CVE-2022-42916In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP.from 0
- HIGH7.5CVE-2022-27782libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse…from 0, < 7.74.0-1.3+deb11u2
- HIGH7.5CVE-2022-27781libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Du…from 0, < 7.74.0-1.3+deb11u2
- HIGH7.5CVE-2022-27780The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *differen…from 0, < 7.83.1-1
- HIGH7.5CVE-2022-27775An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connec…from 0, < 7.74.0-1.3+deb11u2
- from 0, < 7.74.0-1.3+deb11u2
- from 0, < 7.52.1-5+deb9u16
- HIGH7.5CVE-2020-8286curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP respo…from 0, < 7.74.0-1
- HIGH7.5CVE-2020-8285curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.from 0, < 7.74.0-1
- from 0, < 7.72.0-1
- from 0, < 7.52.1-5+deb9u12
- from 0, < 7.64.0-4+deb10u2
- from 0, < 7.72.0-1
- HIGH7.5CVE-2019-3823libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.from 0, < 7.64.0-1
- from 0, < 7.38.0-4+deb8u14
- from 0, < 7.64.0-1
- from 0, < 7.52.1-5+deb9u9
- from 0, < 7.10.7-1
- HIGH7.5CVE-2016-8625curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and…from 0, < 7.51.0-1
- from 0, < 7.51.0-1
- from 0, < 7.26.0-1+wheezy17
- from 0, < 7.38.0-4+deb8u5
- from 0, < 7.51.0-1
- HIGH7.5CVE-2016-8621The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit sho…from 0, < 7.51.0-1
- HIGH7.5CVE-2016-8624curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, an…from 0, < 7.51.0-1
- HIGH7.5CVE-2017-7468In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had change…from 0, < 7.52.1-5
- HIGH7.5CVE-2018-1000121A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of…from 0, < 7.60.0-1
- from 0, < 7.56.1-1
- from 0, < 7.26.0-1+wheezy21
- from 0, < 7.38.0-4+deb8u13
- from 0, < 7.26.0-1+wheezy15
- from 0, < 7.51.0-1
- HIGH7.5CVE-2016-5420curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote atta…from 0, < 7.50.1-1
- from 0, < 7.50.1-1
- from 0, < 7.26.0-1+wheezy14
- from 0, < 7.38.0-4+deb8u4
- HIGH7.3CVE-2025-0725When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,…from 0
- from 0, < 7.47.0-1
- from 0, < 7.38.0-4+deb8u3
- HIGH7.0CVE-2025-0665libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded…from 0, < 8.12.0+git20250209.89ed161+ds-1
- HIGH7.0CVE-2016-8617The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at leas…from 0, < 7.51.0-1
- MEDIUM6.5CVE-2026-5545libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenti…from 0
- MEDIUM6.5CVE-2026-3784curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials fo…from 0
- MEDIUM6.5CVE-2026-1965libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.from 0
- MEDIUM6.5CVE-2025-4947libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the UR…from 0, < 8.14.0-1
- MEDIUM6.5CVE-2024-9681When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or late…from 0
- from 0, < 7.74.0-1.3+deb11u14
- from 0, < 7.74.0-1.3+deb11u14
- MEDIUM6.5CVE-2024-7264libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field.from 0, < 7.74.0-1.3+deb11u13
- MEDIUM6.5CVE-2024-2466libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS.from 0, < 8.7.1-1
- from 0, < 7.74.0-1.3+deb11u11
- from 0, < 7.74.0-1.3+deb11u11
- from 0, < 7.74.0-1.3+deb11u7
- from 0, < 7.64.0-4+deb10u5
- from 0, < 7.74.0-1.3+deb11u7
- MEDIUM6.5CVE-2023-23915A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incor…from 0
- from 0, < 7.86.0-1
- MEDIUM6.5CVE-2022-32206curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentiall…from 0, < 7.74.0-1.3+deb11u2
- MEDIUM6.5CVE-2022-27776A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redire…from 0, < 7.74.0-1.3+deb11u2
- MEDIUM6.5CVE-2021-22922When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML…from 0
- MEDIUM6.5CVE-2017-2629curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificat…from 0, < 7.52.1-3
- MEDIUM6.5CVE-2017-1000101curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence o…from 0, < 7.55.0-1
- from 0, < 7.38.0-4+deb8u6
- from 0, < 7.55.0-1
- from 0, < 7.26.0-1+wheezy20
- MEDIUM6.3CVE-2025-14017When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them…from 0
- MEDIUM6.3CVE-2024-2379libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL.from 0
- MEDIUM5.9CVE-2026-6253curl might erroneously pass on credentials for a first proxy to a second proxy.from 0
- MEDIUM5.9CVE-2026-4873A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool.from 0
- MEDIUM5.9CVE-2025-13034When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the ser…from 0, < 8.14.1-2+deb13u3
- from 0, < 7.74.0-1.3+deb11u9
- from 0, < 7.64.0-4+deb10u7
- MEDIUM5.9CVE-2023-28320A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, s…from 0
- MEDIUM5.9CVE-2023-27537A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles".from 0, < 7.88.1-7
- MEDIUM5.9CVE-2023-27536An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connect…from 0, < 7.74.0-1.3+deb11u8
- MEDIUM5.9CVE-2023-27535An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials be…from 0, < 7.74.0-1.3+deb11u8
- from 0, < 7.74.0-1.3+deb11u5
- MEDIUM5.9CVE-2022-32208When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.from 0, < 7.74.0-1.3+deb11u2
- MEDIUM5.9CVE-2021-22947When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server…from 0, < 7.74.0-1.3+deb11u2
- MEDIUM5.9CVE-2016-8616A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and pas…from 0, < 7.51.0-1
- from 0, < 7.64.0-4+deb10u4
- from 0, < 7.74.0-1.3+deb11u2
- MEDIUM5.5CVE-2023-27538An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite th…from 0, < 7.74.0-1.3+deb11u8
- MEDIUM5.3CVE-2026-7168Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the prox…from 0
- MEDIUM5.3CVE-2026-6429When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first hos…from 0
- MEDIUM5.3CVE-2026-3783When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that to…from 0
- MEDIUM5.3CVE-2025-15079When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting…from 0
- MEDIUM5.3CVE-2025-14819When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could acci…from 0
- MEDIUM5.3CVE-2025-14524When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses…from 0
- MEDIUM5.3CVE-2025-10148curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says.from 0
- MEDIUM5.3CVE-2024-0853curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed.from 0, < 8.6.0-1
- MEDIUM5.3CVE-2023-46219When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file…from 0
- MEDIUM5.3CVE-2022-27779libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to r…from 0, < 7.83.1-1
- MEDIUM5.3CVE-2021-22923When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file,…from 0
- from 0, < 7.52.1-5+deb9u14
- from 0, < 7.74.0-1.2
- MEDIUM5.3CVE-2016-3739The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcur…from 0, < 7.50.1-1
- MEDIUM4.8CVE-2025-5025libcurl supports *pinning* of the server certificate public key for HTTPS transfers.from 0, < 8.14.0-1
- MEDIUM4.6CVE-2025-11563URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without t…from 0, < 8.14.1-2+deb13u2
- MEDIUM4.3CVE-2025-10966curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mecha…from 0
- MEDIUM4.3CVE-2024-6874libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN.from 0, < 8.9.0-1
- MEDIUM4.3CVE-2022-32205A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.from 0, < 7.74.0-1.3+deb11u2
- MEDIUM4.3CVE-2022-30115Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is pro…from 0, < 7.83.1-1
- LOW3.7CVE-2023-38546This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met.from 0, < 7.74.0-1.3+deb11u10
- from 0, < 7.64.0-4+deb10u8
- from 0, < 7.74.0-1.3+deb11u9
- LOW3.7CVE-2022-35252When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back…from 0, < 7.74.0-1.3+deb11u3
- LOW3.7CVE-2021-22924libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to er…from 0, < 7.74.0-1.3+deb11u2
- LOW3.7CVE-2021-22890curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of…from 0, < 7.74.0-1.2
- from 0, < 7.52.1-5+deb9u13
- from 0, < 7.74.0-1
- LOW3.7CVE-2019-5435An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.from 0, < 7.64.0-4
- LOW3.5CVE-2024-2004When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the…from 0, < 7.88.1-10+deb12u6
- LOW3.4CVE-2025-0167When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to…from 0, < 7.88.1-10+deb12u11
- LOW3.4CVE-2024-11053When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host t…from 0, < 7.88.1-10+deb12u10
- LOW3.3CVE-2020-19909Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay.from 0, < 7.66.0-1
- LOW3.1CVE-2025-15224When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authen…from 0
- from 0, < 7.74.0-1.3+deb11u2
- from 0, < 7.74.0-1.3+deb11u2
- from 0, < 7.52.1-5+deb9u15
- from 0, < 7.64.0-4+deb10u3
- from 0, < 7.52.1-4
- from 0, < 7.26.0-1+wheezy19
- —CVE-2015-3237The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from mem…from 0, < 7.43.0-1
- —CVE-2015-3236cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_…from 0, < 7.43.0-1
- from 0, < 7.38.0-4+deb8u2
- from 0, < 7.42.1-1
- —CVE-2015-3148cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect…from 0, < 7.42.0-1
- —CVE-2015-3145The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attac…from 0, < 7.42.0-1
- —CVE-2015-3144The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to…from 0, < 7.42.0-1
- from 0, < 7.21.0-2.1+squeeze12
- from 0, < 7.26.0-1+wheezy13
- from 0, < 7.42.0-1
- from 0, < 7.26.0-1+wheezy12
- from 0, < 7.21.0-2.1+squeeze11
- from 0, < 7.38.0-4
- —CVE-2014-3620cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a coo…from 0, < 7.38.0-1
- from 0, < 7.26.0-1+wheezy10
- from 0, < 7.38.0-1
- from 0, < 7.21.0-2.1+squeeze9
- from 0, < 7.38.0-3
- from 0, < 7.26.0-1+wheezy11
- from 0, < 7.21.0-2.1+squeeze10
- —CVE-2014-0139cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in th…from 0, < 7.36.0-1
- from 0, < 7.21.0-2.1+squeeze8
- from 0, < 7.36.0-1
- from 0, < 7.35.0-1
- from 0, < 7.21.0-2.1+squeeze7
- from 0, < 7.26.0-1+wheezy7
- from 0, < 7.34.0-1
- from 0, < 7.33.0-1
- from 0, < 7.21.0-2.1+squeeze5
- from 0, < 7.21.0-2.1+squeeze4
- from 0, < 7.31.0-1
- from 0, < 7.29.0-2.1
- from 0, < 7.21.0-2.1+squeeze3
- —CVE-2013-0249Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.…from 0, < 7.29.0-1
- —CVE-2012-0036curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows re…from 0, < 7.24.0-1
- from 0, < 7.24.0-1
- from 0, < 7.18.2-8lenny6
- from 0, < 7.21.6-2
- from 0, < 7.18.2-8lenny5
- from 0, < 7.18.2-8lenny4
- from 0, < 7.20.0-1
- from 0, < 7.15.5-1etch3
- from 0, < 7.19.5-1.1
- from 0, < 7.18.2-8.1
- from 0, < 7.15.5-1etch2
- from 0, < 7.15.5-1etch1
- from 0, < 7.16.4-1
- —CVE-2006-1061Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (…from 0, < 7.15.3-1
- —CVE-2005-4077Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a d…from 0, < 7.15.1-1
- from 0, < 7.9.5-1woody2
- from 0, < 7.15.0-1