Vulnerabilities > Haxx > Libcurl > 6.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-05 | CVE-2018-14618 | Integer Overflow or Wraparound vulnerability in multiple products curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. | 10.0 |
| 2018-07-31 | CVE-2016-8622 | Out-of-bounds Write vulnerability in Haxx Libcurl The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. | 9.8 |
| 2016-10-07 | CVE-2016-7167 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | 9.8 |
| 2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 5.0 |
| 2016-08-10 | CVE-2016-5421 | Use After Free vulnerability in multiple products Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | 8.1 |
| 2016-08-10 | CVE-2016-5420 | Improper Authorization vulnerability in multiple products curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | 7.5 |
| 2016-08-10 | CVE-2016-5419 | Cryptographic Issues vulnerability in multiple products curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | 7.5 |
| 2015-05-01 | CVE-2015-3153 | Information Exposure vulnerability in multiple products The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | 5.0 |
| 2015-01-15 | CVE-2014-8150 | Remote Security Bypass vulnerability in cURL/libcURL CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. | 4.3 |
| 2014-11-18 | CVE-2014-3620 | Cryptographic Issues vulnerability in multiple products cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | 5.0 |