Vulnerabilities > Haxx > Curl > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2022-27781 | Infinite Loop vulnerability in multiple products libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. | 7.5 |
| 2022-06-02 | CVE-2022-27782 | Improper Certificate Validation vulnerability in multiple products libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. | 7.5 |
| 2022-05-26 | CVE-2022-22576 | Missing Authentication for Critical Function vulnerability in multiple products An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. | 8.1 |
| 2021-09-29 | CVE-2021-22946 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). | 7.5 |
| 2021-08-05 | CVE-2021-22926 | Improper Certificate Validation vulnerability in multiple products libcurl-using applications can ask for a specific client certificate to be used in a transfer. | 7.5 |
| 2021-06-11 | CVE-2021-22901 | Use After Free vulnerability in multiple products curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. | 8.1 |
| 2020-12-14 | CVE-2020-8177 | Injection vulnerability in multiple products curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | 7.8 |
| 2020-12-14 | CVE-2020-8169 | Information Exposure vulnerability in multiple products curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | 7.5 |
| 2020-02-21 | CVE-2016-4606 | Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-09-20 Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. | 7.5 |
| 2018-10-31 | CVE-2018-16840 | Use After Free vulnerability in multiple products A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. | 7.5 |