Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Micro 5.1 package curl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (32)
CVE-2022-32221 — CVSS 9.8 (critical): When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when…
CVE-2023-27533 — CVSS 8.8 (high): A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on…
CVE-2023-27534 — CVSS 8.8 (high): A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as…
CVE-2024-2398 — CVSS 8.6 (high): When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the…
CVE-2022-22576 — CVSS 8.1 (high): An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated…
CVE-2021-22946 — CVSS 7.5 (high): A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server…
CVE-2022-27775 — CVSS 7.5 (high): An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the…
CVE-2022-27781 — CVSS 7.5 (high): libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate…
CVE-2022-27782 — CVSS 7.5 (high): libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited…
CVE-2025-9086 — CVSS 7.5 (high): 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target`…
CVE-2025-0725 — CVSS 7.3 (high): When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option…
CVE-2022-32206 — CVSS 6.5 (medium): curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and…
CVE-2022-27776 — CVSS 6.5 (medium): A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP…
CVE-2024-7264 — CVSS 6.5 (medium): libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically…
CVE-2023-23916 — CVSS 6.5 (medium): An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression…
CVE-2023-46218 — CVSS 6.5 (medium): This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise…
CVE-2024-8096 — CVSS 6.5 (medium): When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server…
CVE-2021-22947 — CVSS 5.9 (medium): When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server…
CVE-2023-27535 — CVSS 5.9 (medium): An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials…
CVE-2023-27536 — CVSS 5.9 (medium): An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established…
CVE-2023-28320 — CVSS 5.9 (medium): A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names…
CVE-2023-28321 — CVSS 5.9 (medium): An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as…
CVE-2022-43552 — CVSS 5.9 (medium): A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP…
CVE-2022-32208 — CVSS 5.9 (medium): When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a…
CVE-2023-27538 — CVSS 5.5 (medium): An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite…
CVE-2025-10148 — CVSS 5.3 (medium): curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed…
CVE-2023-38546 — CVSS 3.7 (low): This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met…
CVE-2023-28322 — CVSS 3.7 (low): An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read…
CVE-2022-35252 — CVSS 3.7 (low): When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back…
CVE-2024-2004 — CVSS 3.5 (low): When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the…
CVE-2025-0167 — CVSS 3.4 (low): When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to…
CVE-2024-11053 — CVSS 3.4 (low): When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host…