haxx

199 tracked vulnerabilities.

CVE-2016-8625 MEDIUM
curl < 7.51.0 - Unauthenticated Host Spoofing via Outdated IDNA 2003 Standard
Aug 01, 2018
CVSS 5.3
EPSS 0.04
CVE-2016-8623 LOW
curl < 7.51.0 - Use-After-Free in Cookie Handling
Aug 01, 2018
CVSS 3.3
EPSS 0.03
CVE-2016-8620 MEDIUM
curl < 7.51.0 - Integer Overflow via Globbing Feature
Aug 01, 2018
CVSS 6.5
EPSS 0.04
CVE-2016-8619 MEDIUM
curl < 7.51.0 - Use-After-Free in read_data()
Aug 01, 2018
CVSS 5.3
EPSS 0.05
CVE-2016-8616 LOW
curl < 7.51.0 - Authentication Bypass via Case-Insensitive Credential Reuse
Aug 01, 2018
CVSS 3.7
EPSS 0.03
CVE-2016-8615 MEDIUM
curl < 7.51.0 - Cookie Injection via Cookie Jar File
Aug 01, 2018
CVSS 5.3
EPSS 0.04
CVE-2016-8621 MEDIUM
curl < 7.51.0 - Out-of-bounds Read in curl_getdate
Jul 31, 2018
CVSS 5.3
EPSS 0.05
CVE-2016-8617 LOW
curl < 7.51.0 - Out-of-bounds Write via Base64 Encode Function
Jul 31, 2018
CVSS 3.3
EPSS 0.01
CVE-2016-8624 MEDIUM
curl < 7.51.0 - URL Authority Parsing Flaw via Hostname Ending with '#'
Jul 31, 2018
CVSS 5.3
EPSS 0.06
CVE-2016-8622 LOW
libcurl < 7.51.0 - Integer Overflow in URL Percent-Encoding Decode Function
Jul 31, 2018
CVSS 3.7
EPSS 0.05
CVE-2016-8618 MEDIUM
curl < 7.51.0 - Use-After-Free via Unsafe size_t Multiplication in curl_maprintf()
Jul 31, 2018
CVSS 5.3
EPSS 0.05
CVE-2016-9594 MEDIUM
curl < 7.52.1 - Improper Initialization in Random Value Generation
Apr 23, 2018
CVSS 6.5
EPSS 0.03
CVE-2016-9586 MEDIUM
curl < 7.52.0 - Buffer Overflow via Large Floating Point Output in printf Implementation
Apr 23, 2018
CVSS 5.9
EPSS 0.05
CVE-2016-9953 CRITICAL
curl 7.30.0-7.51.0 - Out-of-bounds Read via Wildcard Certificate Name
Mar 12, 2018
CVSS 9.8
EPSS 0.02
CVE-2016-9952 HIGH
curl 7.30.0-7.51.0 - Improper Certificate Validation via Wildcard SAN in schannel TLS Backend
Mar 12, 2018
CVSS 8.1
EPSS 0.01
CVE-2016-7167 CRITICAL
Fedora < 7.50.2 - Integer Overflow
Oct 07, 2016
CVSS 9.8
EPSS 0.12
CVE-2016-7141 HIGH
Opensuse Leap < 7.50.1 - Authentication Bypass
Oct 03, 2016
CVSS 7.5
EPSS 0.08
CVE-2016-5421 HIGH
Opensuse Leap < 7.50.0 - Use After Free
Aug 10, 2016
CVSS 8.1
EPSS 0.08
CVE-2016-5420 HIGH
Debian Linux < 7.50.0 - Improper Authorization
Aug 10, 2016
CVSS 7.5
EPSS 0.15
CVE-2016-5419 HIGH
libcurl < 7.50.1 - TLS Session Resumption Bypass via Changed Client Certificate
Aug 10, 2016
CVSS 7.5
EPSS 0.15
CVE-2016-4802 HIGH
curl < 7.49.1 - Untrusted Search Path Vulnerability via DLL Hijacking
Jun 24, 2016
CVSS 7.8
EPSS 0.01
CVE-2016-3739 MEDIUM
curl < 7.49.0 - Server Spoofing via Arbitrary Valid Certificate
May 20, 2016
CVSS 5.3
EPSS 0.06
CVE-2016-0755 HIGH
curl < 7.47.0 - Improper Authentication via NTLM Proxy Connection Reuse
Jan 29, 2016
CVSS 7.3
EPSS 0.09
CVE-2016-0754 MEDIUM
curl < 7.46.0 - Arbitrary File Write via Colon in Remote File Name
Jan 29, 2016
CVSS 5.3
EPSS 0.01
CVE-2015-3237
cURL & libcurl <7.43 - Info Disclosure/DoS
Jun 22, 2015
EPSS 0.09