7.41.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-06	CVE-2019-3823	Out-of-bounds Read vulnerability in multiple products libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. network low complexity haxx canonical debian netapp oracle CWE-125	7.5
2019-02-06	CVE-2019-3822	Out-of-bounds Write vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. network low complexity haxx canonical debian netapp siemens oracle redhat CWE-787 critical	9.8
2019-02-06	CVE-2018-16890	Integer Overflow or Wraparound vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. network low complexity haxx canonical debian netapp siemens oracle redhat f5 CWE-190	7.5
2018-09-05	CVE-2018-14618	Integer Overflow or Wraparound vulnerability in multiple products curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. network low complexity haxx canonical debian redhat CWE-190 critical	10.0
2018-07-31	CVE-2016-8622	Out-of-bounds Write vulnerability in Haxx Libcurl The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. network low complexity haxx CWE-787 critical	9.8
2017-11-29	CVE-2017-8817	Out-of-bounds Read vulnerability in multiple products The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. network low complexity haxx debian CWE-125	7.5
2017-11-29	CVE-2017-8816	Integer Overflow or Wraparound vulnerability in multiple products The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. network low complexity haxx debian CWE-190	7.5
2017-10-31	CVE-2017-1000257	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An IMAP FETCH response line indicates the size of the returned data, in number of bytes. network low complexity haxx debian CWE-119	6.4
2017-10-06	CVE-2017-1000254	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Libcurl libcurl may read outside of a heap allocated buffer when doing FTP. network low complexity haxx CWE-119	7.5
2017-10-05	CVE-2017-1000100	Information Exposure vulnerability in Haxx Libcurl When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. network haxx CWE-200	4.3