curl (SUSE:Linux Enterprise Point of Sale 11 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Point of Sale 11 SP3 package curl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2018-1000120 — CVSS 9.8 (critical): A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of…
CVE-2018-1000122 — CVSS 9.1 (critical): A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a…
CVE-2019-5436 — CVSS 7.8 (high): A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2020-8177 — CVSS 7.8 (high): curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a…
CVE-2016-5419 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers…
CVE-2016-5420 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote…
CVE-2016-7141 — CVSS 7.5 (high): curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack…
CVE-2018-1000121 — CVSS 7.5 (high): A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of…
CVE-2021-22898 — CVSS 3.1 (low): curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in…