haxx

199 tracked vulnerabilities.

CVE-2022-43552 MEDIUM
curl < 7.87.0 - Use-After-Free in HTTP Proxy Tunnel Shutdown
Feb 09, 2023
CVSS 5.9
EPSS 0.03
CVE-2022-43551 HIGH
curl < 7.87.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Dec 23, 2022
CVSS 7.5
EPSS 0.17
CVE-2022-35260 MEDIUM
curl 7.84.0-7.85.0 - Out-of-bounds Read in .netrc Parser
Dec 05, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-32221 CRITICAL
curl - Exposure of Sensitive Information via Reused Handle Logic
Dec 05, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-42915 HIGH
curl 7.77.0-7.85.0 - Double Free via HTTP Proxy CONNECT Error Handling
Oct 29, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-42916 HIGH
curl 7.77.0-7.85.0 - Cleartext Transmission of Sensitive Information via IDN Character Bypass
Oct 29, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-35252 LOW
curl < 7.85.0 - Denial of Service via Cookie Control Code Injection
Sep 23, 2022
CVSS 3.7
EPSS 0.02
CVE-2022-32208 MEDIUM
curl 7.16.4-7.83.1 - Man-In-The-Middle Attack via FTP KRB5 Message Verification Failure
Jul 07, 2022
CVSS 5.9
EPSS 0.07
CVE-2022-32207 CRITICAL
curl 7.69.0-7.83.1 - Unauthenticated File Permission Overwrite via Atomic Rename
Jul 07, 2022
CVSS 9.8
EPSS 0.07
CVE-2022-32206 MEDIUM
curl < 7.84.0 - Denial of Service via Unbounded HTTP Compression Chain
Jul 07, 2022
CVSS 6.5
EPSS 0.32
CVE-2022-32205 MEDIUM
curl 7.71.0-7.84.0 - Denial of Service via Excessive Set-Cookie Headers
Jul 07, 2022
CVSS 4.3
EPSS 0.27
CVE-2022-30115 MEDIUM
curl 7.82.0-7.83.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Jun 02, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-27782 HIGH
curl < 7.83.1 - Improper Certificate Validation
Jun 02, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-27781 HIGH
curl < 7.83.1 - Denial of Service via Malicious Server Certificate Chain
Jun 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27780 HIGH
curl 7.80.0-7.83.0 - URL Hostname Spoofing via Percent-Encoded Separator Bypass
Jun 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27779 MEDIUM
curl 7.82.0-7.83.0 - Cookie Injection for Top-Level Domains via Trailing Dot Bypass
Jun 02, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-27778 HIGH
cURL - Use of Incorrectly Resolved Name
Jun 02, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-27776 MEDIUM
curl < 7.83.0 - Credential Leak via HTTP Redirect to Different Port
Jun 02, 2022
CVSS 6.5
EPSS 0.03
CVE-2022-27775 HIGH
curl 7.65.0-7.82.0 - Information Disclosure via IPv6 Connection Reuse
Jun 02, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-27774 MEDIUM
curl 4.9-7.82.0 - Credential Leak via HTTP Redirect
Jun 02, 2022
CVSS 5.7
EPSS 0.02
CVE-2022-22576 HIGH
curl 7.33.0-7.82.0 - Improper Authentication via OAUTH2 Connection Reuse
May 26, 2022
CVSS 8.1
EPSS 0.02
CVE-2021-22947 MEDIUM
curl >=7.20.0 <=7.78.0 - Info Disclosure
Sep 29, 2021
CVSS 5.9
EPSS 0.03
CVE-2021-22946 HIGH
curl >=7.20.0-7.78.0 - Info Disclosure
Sep 29, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-22945 CRITICAL
libcurl <= 7.73.0, 7.78.0 - Use After Free
Sep 23, 2021
CVSS 9.1
EPSS 0.06
CVE-2021-22926 HIGH
libcurl-using applications < - Info Disclosure
Aug 05, 2021
CVSS 7.5
EPSS 0.10