Vulnerabilities > Haxx > Libcurl > 7.21.6

DATE CVE VULNERABILITY TITLE RISK
2023-10-18 CVE-2023-38546 Unspecified vulnerability in Haxx Libcurl
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met. libcurl performs transfers.
network
high complexity
haxx
3.7
2023-03-30 CVE-2023-27535 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27538 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse.
5.5
2021-08-05 CVE-2021-22924 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.
3.7
2021-04-01 CVE-2021-22876 Information Exposure vulnerability in multiple products
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header.
5.3
2020-12-14 CVE-2020-8285 Uncontrolled Recursion vulnerability in multiple products
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
7.5
2019-05-28 CVE-2019-5436 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
7.8
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
10.0
2018-07-31 CVE-2016-8622 Out-of-bounds Write vulnerability in Haxx Libcurl
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`.
network
low complexity
haxx CWE-787
critical
9.8
2017-11-29 CVE-2017-8817 Out-of-bounds Read vulnerability in multiple products
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
network
low complexity
haxx debian CWE-125
7.5