haxx

199 tracked vulnerabilities.

CVE-2024-6874 MEDIUM
libcurl - Out-of-bounds Read in curl_url_get() via Punycode Conversion
Jul 24, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-6197 HIGH
libcurl 8.6.0-8.8.9 - Use-After-Free in ASN1 UTF-8 String Parser
Jul 24, 2024
CVSS 7.5
EPSS 0.04
CVE-2024-2466 MEDIUM
libcurl - SSL/TLS Certificate Check Bypass
Mar 27, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-2398 HIGH
curl 7.44.0-8.6.0 - Memory Leak via HTTP/2 Server Push Header Limit Abort
Mar 27, 2024
CVSS 8.6
EPSS 0.36
CVE-2024-2379 MEDIUM
curl - Improper Certificate Validation in wolfSSL QUIC Connection
Mar 27, 2024
CVSS 6.3
EPSS 0.02
CVE-2024-2004 LOW
curl 7.85.0-8.6.0 - Protocol Filter Bypass via Empty Protocol Set
Mar 27, 2024
CVSS 3.5
EPSS 0.02
CVE-2024-0853 MEDIUM
curl - Improper Certificate Validation via OCSP Stapling Bypass
Feb 03, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-46219 MEDIUM
curl 7.84.0-8.4.0 - Missing Encryption of Sensitive Data via HSTS File Handling
Dec 12, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-46218 MEDIUM
curl 7.46.0-8.4.0 - Super Cookie Injection via Public Suffix Case Bypass
Dec 07, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-38546 LOW
libcurl 7.9.1-8.4.0 - Cookie Injection via Easy Handle Duplication
Oct 18, 2023
CVSS 3.7
EPSS 0.06
CVE-2023-38545 CRITICAL
libcurl 7.69.0-8.4.0 - Heap-Based Buffer Overflow in SOCKS5 Proxy Handshake
Oct 18, 2023
CVSS 9.8
EPSS 0.78
CVE-2023-38039 HIGH
curl 7.84.0-8.2.0 - Denial of Service via Unbounded HTTP Response Header Storage
Sep 15, 2023
CVSS 7.5
EPSS 0.62
CVE-2023-28322 LOW
curl < 8.1.0 - Information Disclosure via Reused Handle PUT-to-POST Transition
May 26, 2023
CVSS 3.7
EPSS 0.02
CVE-2023-28321 MEDIUM
curl < 8.1.0 - Improper Certificate Validation via Wildcard Pattern Matching
May 26, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-28320 MEDIUM
curl < 8.1.0 - Denial of Service via Synchronous Resolver Race Condition
May 26, 2023
CVSS 5.9
EPSS 0.03
CVE-2023-28319 HIGH
curl < 8.1.0 - Use-After-Free in SSH Server Public Key Verification
May 26, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-27538 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via SSH Connection Reuse
Mar 30, 2023
CVSS 5.5
EPSS 0.01
CVE-2023-27537 MEDIUM
libcurl < 8.0.0 - Double Free via HSTS Data Sharing
Mar 30, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-27536 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via Connection Reuse
Mar 30, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-27535 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via FTP Connection Reuse
Mar 30, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-27534 HIGH
curl < 8.0.0 - Path Traversal via SFTP Tilde Character Handling
Mar 30, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-27533 HIGH
curl < 8.0 - Remote Code Execution via TELNET Protocol Input Validation
Mar 30, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-23916 MEDIUM
curl 7.57.0-7.87.0 - Denial of Service via HTTP Compression Header Chain
Feb 23, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-23915 MEDIUM
curl 7.77.0-7.87.0 - Cleartext Transmission of Sensitive Information via HSTS Cache Overwrite
Feb 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-23914 CRITICAL
curl < 7.88.0 - Cleartext Transmission of Sensitive Information via HSTS State Mismanagement
Feb 23, 2023
CVSS 9.1
EPSS 0.01