Vulnerabilities > Haxx > Curl > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-23 | CVE-2023-23914 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. | 9.1 |
| 2022-12-05 | CVE-2022-32221 | Exposure of Resource to Wrong Sphere vulnerability in multiple products When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. | 9.8 |
| 2022-07-07 | CVE-2022-32207 | Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 9.8 |
| 2019-09-16 | CVE-2019-5481 | Double Free vulnerability in multiple products Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | 9.8 |
| 2019-09-16 | CVE-2019-5482 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | 9.8 |
| 2018-10-31 | CVE-2018-16839 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | 9.8 |
| 2018-08-01 | CVE-2016-8619 | Double Free vulnerability in Haxx Curl The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | 9.8 |
| 2018-08-01 | CVE-2016-8620 | Integer Overflow or Wraparound vulnerability in Haxx Curl The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | 9.8 |
| 2018-07-31 | CVE-2016-8618 | Double Free vulnerability in Haxx Curl The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. | 9.8 |
| 2018-03-12 | CVE-2016-9953 | Out-of-bounds Read vulnerability in Haxx Curl The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. | 9.8 |