| CVE-2022-30115 |
Medium |
No |
Information disclosure |
A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport Security(HSTS) support, it can instruct curl to use HTTPS... |
| CVE-2022-27782 |
Medium |
Unknown |
Unknown |
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps... |
| CVE-2022-27781 |
Low |
Unknown |
Unknown |
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a TLS server's certificate chain. Due to an... |
| CVE-2022-27780 |
Medium |
Unknown |
Unknown |
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the... |
| CVE-2022-27779 |
Medium |
Unknown |
Unknown |
libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites... |
| CVE-2022-27778 |
Medium |
Unknown |
Unknown |
If curl adds a number to not "clobber" the output and an error occurs during transfer, the remove on error logic would remove the *original* file name... |