7.37.0

DATE	CVE	VULNERABILITY TITLE	RISK
2015-01-15	CVE-2014-8150	Remote Security Bypass vulnerability in cURL/libcURL CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. network debian haxx canonical	4.3
2014-11-18	CVE-2014-3620	Cryptographic Issues vulnerability in multiple products cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. network low complexity haxx apple CWE-310	5.0
2014-11-18	CVE-2014-3613	Cryptographic Issues vulnerability in multiple products cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. network low complexity haxx apple CWE-310	5.0
2014-11-15	CVE-2014-3707	Information Exposure vulnerability in multiple products The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. network canonical apple opensuse oracle debian haxx CWE-200	4.3