FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

in the FreeBSD Ports Collection repository, path ports/security/vuxml/vuln.xml
as a local copy
as a local copy, compressed with bzip2
as a local copy, compressed with xz
as a local copy, compressed with zstandard

Please report security issues to the FreeBSD Security Team at <ports-secteam@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

curl

curl at FreshPorts.org

Entered	Topic
2024-02-28	curl -- OCSP verification bypass with TLS session reuse
2023-10-11	curl -- SOCKS5 heap buffer overflow
2023-09-13	curl -- HTTP headers eat all memory
2023-05-19	curl -- multiple vulnerabilities
2023-03-20	curl -- multiple vulnerabilities
2023-03-05	curl -- multiple vulnerabilities
2022-12-14	curl -- multiple vulnerabilities
2022-06-27	cURL -- Multiple vulnerabilities
2022-05-13	curl -- Multiple vulnerabilities
2022-04-28	cURL -- Multiple vulnerabilities
2021-09-17	cURL -- Multiple vulnerabilities
2021-07-21	cURL -- Multiple vulnerabilities
2021-04-10	curl -- Automatic referer leaks credentials
2021-04-10	curl -- TLS 1.3 session ticket proxy host mixup
2020-12-09	cURL -- Multiple vulnerabilities
2020-08-19	curl -- expired pointer dereference vulnerability
2020-06-24	curl -- multiple vulnerabilities
2019-09-14	curl -- multiple vulnerabilities
2019-05-25	curl -- multiple vulnerabilities
2019-02-07	curl -- multiple vulnerabilities
2018-11-01	curl -- multiple vulnerabilities
2018-09-05	curl -- password overflow vulnerability
2018-07-27	curl -- SMTP send heap buffer overflow
2018-05-16	cURL -- multiple vulnerabilities
2018-01-26	cURL -- Multiple vulnerabilities
2017-11-29	cURL -- Multiple vulnerabilities
2017-10-23	cURL -- out of bounds read
2017-10-04	cURL -- out of bounds read
2017-08-09	cURL -- multiple vulnerabilities
2017-06-15	cURL -- URL file scheme drive letter buffer overflow
2017-04-20	cURL -- TLS session resumption client cert bypass (again)
2017-04-05	cURL -- potential memory disclosure
2017-02-22	cURL -- ocsp status validation error
2016-12-24	cURL -- uninitialized random vulnerability
2016-12-22	cURL -- buffer overflow
2016-11-02	cURL -- multiple vulnerabilities
2016-09-14	cURL -- Escape and unescape integer overflows
2016-08-04	Vulnerabilities in Curl
2016-01-27	curl -- Credentials not checked
2015-06-17	cURL -- Multiple Vulnerability
2015-05-26	cURL -- multiple vulnerabilities
2015-05-26	cURL -- sensitive HTTP server headers also sent to proxies
2015-01-09	cURL -- URL request injection vulnerability
2014-04-11	cURL -- inappropriate GSSAPI delegation
2013-12-18	cURL library -- cert name check ignore with GnuTLS
2013-06-23	cURL library -- heap corruption in curl_easy_unescape
2010-04-19	curl -- libcurl buffer overflow vulnerability
2009-03-04	curl -- cURL/libcURL Location: Redirect URLs Security Bypass
2006-03-20	curl -- TFTP packet buffer overflow vulnerability
2005-12-09	curl -- URL buffer overflow vulnerability
2005-02-27	curl -- authentication buffer overflow vulnerability