Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
network
low complexity
haxx debian fedoraproject CWE-295
5.0
2020-12-14 CVE-2020-8285 Uncontrolled Recursion vulnerability in multiple products
curl 7.21.0 through 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
network
low complexity
haxx debian fedoraproject CWE-674
5.0
2020-12-14 CVE-2020-8284 Information Exposure vulnerability in multiple products
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
4.3
2020-12-14 CVE-2020-8231 Use After Free vulnerability in Haxx Libcurl
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
network
low complexity
haxx CWE-416
5.0
2020-12-14 CVE-2020-8177 Injection vulnerability in Haxx Curl
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.
local
low complexity
haxx CWE-74
4.6
2020-12-14 CVE-2020-8169 Information Exposure vulnerability in Haxx Curl
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
network
low complexity
haxx CWE-200
5.0
2020-02-21 CVE-2016-4606 Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-09-20
Curl before 7.49.1 in Apple OS X versions prior to macOS Sierra 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions.
network
low complexity
haxx apple
7.5
2019-09-16 CVE-2019-5482 Classic Buffer Overflow vulnerability in Haxx Curl
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
network
low complexity
haxx CWE-120
7.5
2019-09-16 CVE-2019-5481 Double Free vulnerability in Haxx Curl
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
network
low complexity
haxx CWE-415
7.5
2019-07-02 CVE-2019-5443 Code Injection vulnerability in Haxx Curl
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
local
low complexity
haxx microsoft CWE-94
4.6