7.30.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-11	CVE-2021-22898	Missing Initialization of Resource vulnerability in multiple products curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. network high complexity haxx debian fedoraproject oracle siemens splunk CWE-909	3.1
2020-12-14	CVE-2020-8284	A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. network high complexity haxx fedoraproject debian netapp apple oracle fujitsu siemens splunk	3.7
2020-12-14	CVE-2020-8177	Injection vulnerability in multiple products curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. local low complexity haxx debian fujitsu siemens splunk CWE-74	7.8
2020-02-21	CVE-2016-4606	Unspecified vulnerability in Haxx Curl Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. network low complexity haxx critical	9.8
2019-09-16	CVE-2019-5482	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. network low complexity haxx fedoraproject opensuse netapp oracle debian CWE-787 critical	9.8
2019-07-02	CVE-2019-5443	Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. local low complexity haxx oracle netapp CWE-427	7.8
2018-10-31	CVE-2018-16842	Out-of-bounds Read vulnerability in multiple products Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. network low complexity haxx canonical debian CWE-125 critical	9.1
2018-08-01	CVE-2016-8625	Unspecified vulnerability in Haxx Curl curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. network low complexity haxx	7.5
2018-08-01	CVE-2016-8623	Unspecified vulnerability in Haxx Curl A flaw was found in curl before version 7.51.0. network low complexity haxx	7.5
2018-08-01	CVE-2016-8620	Integer Overflow or Wraparound vulnerability in Haxx Curl The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. network low complexity haxx CWE-190 critical	9.8