Vulnerabilities > Haxx > Curl > 7.21.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-14 | CVE-2020-8177 | Injection vulnerability in multiple products curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | 7.8 |
| 2020-02-21 | CVE-2016-4606 | Unspecified vulnerability in Haxx Curl Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. | 9.8 |
| 2019-09-16 | CVE-2019-5482 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | 9.8 |
| 2019-07-02 | CVE-2019-5443 | Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. | 7.8 |
| 2018-10-31 | CVE-2018-16842 | Out-of-bounds Read vulnerability in multiple products Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | 9.1 |
| 2018-08-01 | CVE-2016-8625 | Unspecified vulnerability in Haxx Curl curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. | 7.5 |
| 2018-08-01 | CVE-2016-8623 | Unspecified vulnerability in Haxx Curl A flaw was found in curl before version 7.51.0. | 7.5 |
| 2018-08-01 | CVE-2016-8620 | Integer Overflow or Wraparound vulnerability in Haxx Curl The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | 9.8 |
| 2018-08-01 | CVE-2016-8619 | Double Free vulnerability in Haxx Curl The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | 9.8 |
| 2018-08-01 | CVE-2016-8616 | Credentials Management vulnerability in Haxx Curl A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. | 5.9 |