curl 7.10

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

curl: HTTP authentication leak in redirects

curl: POST following PUT confusion

curl: TELNET option IAC injection

security flaw

security flaw

gzip integer overflow

curl: NTLM credentials not-checked for proxy connection re-use

curl: local file access via unsafe redirects

curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs

wrong proxy connection reuse with credentials

bad reuse of HTTP Negotiate connection

curl: auth/cookie leak on redirect

curl: wrong re-use of connections in libcurl

curl: printf floating point buffer overflow

curl: siglongjmp race condition may lead to crash

curl: IP address wildcard certificate validation issue in libcurl

curl: credential leak on redirect

curl: Invalid URL parsing with '#'

curl: Double-free in krb5 code

curl: Double-free in curl_maprintf

curl: Cookie injection for other servers

curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

curl: more POST-after-PUT confusion

curl: Cookie domain suffix match vulnerability

curl: incorrect handling of IP addresses in cookie domain

curl: re-using authenticated connection when unauthenticated

curl: Negotiate not treated as connection-oriented

curl: sensitive HTTP server headers also sent to proxies

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

curl: re-use of wrong HTTP NTLM connection in libcurl

curl: Case insensitive password comparison

curl: FTP PASV command response can cause curl to connect to arbitrary host

curl: Bad connection reuse due to flawed path name checks

curl: Incorrect handling of control code characters in cookies

curl: Use-after-free via shared cookies

curl: Out-of-bounds write via unchecked multiplication

curl: TELNET stack contents disclosure

curl: --write-out out of bounds read