Vulnerabilities > Haxx > Curl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-16 | CVE-2019-5481 | Double Free vulnerability in multiple products Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | 9.8 |
| 2019-07-02 | CVE-2019-5443 | Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. | 7.8 |
| 2019-05-28 | CVE-2019-5435 | Integer Overflow or Wraparound vulnerability in Haxx Curl An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | 3.7 |
| 2018-10-31 | CVE-2018-16842 | Out-of-bounds Read vulnerability in multiple products Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | 9.1 |
| 2018-10-31 | CVE-2018-16840 | Use After Free vulnerability in multiple products A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. | 9.8 |
| 2018-10-31 | CVE-2018-16839 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | 9.8 |
| 2018-08-23 | CVE-2003-1605 | Credentials Management vulnerability in Haxx Curl curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. | 7.5 |
| 2018-08-01 | CVE-2016-8625 | Unspecified vulnerability in Haxx Curl curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. | 7.5 |
| 2018-08-01 | CVE-2016-8623 | Unspecified vulnerability in Haxx Curl A flaw was found in curl before version 7.51.0. | 7.5 |
| 2018-08-01 | CVE-2016-8620 | Integer Overflow or Wraparound vulnerability in Haxx Curl The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | 9.8 |