Vulnerabilities > Haxx > Curl > 7.7.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-23 | CVE-2016-9594 | Improper Initialization vulnerability in Haxx Curl curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. | 8.1 |
2018-04-23 | CVE-2016-9586 | Heap-based Buffer Overflow vulnerability in Haxx Curl curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. | 8.1 |
2018-01-24 | CVE-2018-1000007 | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. | 5.0 |
2017-06-14 | CVE-2017-9502 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. | 5.0 |
2016-06-24 | CVE-2016-4802 | Permissions, Privileges, and Access Controls vulnerability in Haxx Curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | 6.9 |
2016-01-29 | CVE-2016-0755 | Improper Authentication vulnerability in multiple products The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. | 5.0 |
2016-01-29 | CVE-2016-0754 | Improper Input Validation vulnerability in Haxx Curl cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. | 5.0 |
2015-05-01 | CVE-2015-3153 | Information Exposure vulnerability in multiple products The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | 5.0 |
2014-11-18 | CVE-2014-3620 | Cryptographic Issues vulnerability in multiple products cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | 5.0 |
2014-11-18 | CVE-2014-3613 | Cryptographic Issues vulnerability in multiple products cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | 5.0 |