| Max CVSS | 5.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-7468 | 5.0 |
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resu
|
09-10-2019 - 23:29 | 16-07-2018 - 13:29 | |
| CVE-2017-7407 | 2.1 |
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argum
|
03-10-2019 - 00:03 | 03-04-2017 - 20:59 | |
| CVE-2017-1000101 | 4.3 |
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl rea
|
13-11-2018 - 11:29 | 05-10-2017 - 01:29 | |
| CVE-2017-1000100 | 4.3 |
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untr
|
13-11-2018 - 11:29 | 05-10-2017 - 01:29 | |
| CVE-2017-1000099 | 4.3 |
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which
|
01-11-2017 - 19:23 | 05-10-2017 - 01:29 |