haxx

181 tracked vulnerabilities.

CVE-2023-27536 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via Connection Reuse
Mar 30, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-27535 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via FTP Connection Reuse
Mar 30, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-27534 HIGH
curl < 8.0.0 - Path Traversal via SFTP Tilde Character Handling
Mar 30, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-27533 HIGH
curl < 8.0 - Remote Code Execution via TELNET Protocol Input Validation
Mar 30, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-23916 MEDIUM
curl 7.57.0-7.87.0 - Denial of Service via HTTP Compression Header Chain
Feb 23, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-23915 MEDIUM
curl 7.77.0-7.87.0 - Cleartext Transmission of Sensitive Information via HSTS Cache Overwrite
Feb 23, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-23914 CRITICAL
curl < 7.88.0 - Cleartext Transmission of Sensitive Information via HSTS State Mismanagement
Feb 23, 2023
CVSS 9.1
EPSS 0.00
CVE-2022-43552 MEDIUM
curl < 7.87.0 - Use-After-Free in HTTP Proxy Tunnel Shutdown
Feb 09, 2023
CVSS 5.9
EPSS 0.00
CVE-2022-43551 HIGH
curl < 7.87.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Dec 23, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-35260 MEDIUM
curl 7.84.0-7.85.0 - Out-of-bounds Read in .netrc Parser
Dec 05, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-32221 CRITICAL
curl - Exposure of Sensitive Information via Reused Handle Logic
Dec 05, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-42915 HIGH
curl 7.77.0-7.85.0 - Double Free via HTTP Proxy CONNECT Error Handling
Oct 29, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-42916 HIGH
curl 7.77.0-7.85.0 - Cleartext Transmission of Sensitive Information via IDN Character Bypass
Oct 29, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-35252 LOW
curl < 7.85.0 - Denial of Service via Cookie Control Code Injection
Sep 23, 2022
CVSS 3.7
EPSS 0.00
CVE-2022-32208 MEDIUM
curl 7.16.4-7.83.1 - Man-In-The-Middle Attack via FTP KRB5 Message Verification Failure
Jul 07, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-32207 CRITICAL
curl 7.69.0-7.83.1 - Unauthenticated File Permission Overwrite via Atomic Rename
Jul 07, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-32206 MEDIUM
curl < 7.84.0 - Denial of Service via Unbounded HTTP Compression Chain
Jul 07, 2022
CVSS 6.5
EPSS 0.03
CVE-2022-32205 MEDIUM
curl 7.71.0-7.84.0 - Denial of Service via Excessive Set-Cookie Headers
Jul 07, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-30115 MEDIUM
curl 7.82.0-7.83.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Jun 02, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-27782 HIGH
curl < 7.83.1 - Improper Certificate Validation
Jun 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27781 HIGH
curl < 7.83.1 - Denial of Service via Malicious Server Certificate Chain
Jun 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27780 HIGH
curl 7.80.0-7.83.0 - URL Hostname Spoofing via Percent-Encoded Separator Bypass
Jun 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27779 MEDIUM
curl 7.82.0-7.83.0 - Cookie Injection for Top-Level Domains via Trailing Dot Bypass
Jun 02, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-27778 HIGH
cURL - Use of Incorrectly Resolved Name
Jun 02, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-27776 MEDIUM
curl < 7.83.0 - Credential Leak via HTTP Redirect to Different Port
Jun 02, 2022
CVSS 6.5
EPSS 0.01
Products
curl 142 libcurl 61
Quick Filters
Critical CVEs With Exploits In CISA KEV