7.53.1

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-28	CVE-2019-5436	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. local low complexity haxx opensuse fedoraproject debian f5 netapp oracle CWE-787	7.8
2019-02-06	CVE-2019-3823	libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. network low complexity haxx canonical debian netapp oracle	7.5
2019-02-06	CVE-2019-3822	Out-of-bounds Write vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. network low complexity haxx canonical debian netapp siemens oracle redhat CWE-787 critical	9.8
2019-02-06	CVE-2018-16890	Integer Overflow or Wraparound vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. network low complexity haxx canonical debian netapp siemens oracle redhat f5 CWE-190	7.5
2018-09-05	CVE-2018-14618	Integer Overflow or Wraparound vulnerability in multiple products curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. network low complexity haxx canonical debian redhat CWE-190 critical	9.8
2018-07-16	CVE-2017-7468	Improper Certificate Validation vulnerability in Haxx Libcurl In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. network low complexity haxx CWE-295	7.5
2018-01-24	CVE-2018-1000005	Out-of-bounds Read vulnerability in multiple products libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. network low complexity haxx debian canonical CWE-125 critical	9.1
2017-11-29	CVE-2017-8817	Out-of-bounds Read vulnerability in multiple products The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. network low complexity haxx debian CWE-125 critical	9.8
2017-11-29	CVE-2017-8816	Integer Overflow or Wraparound vulnerability in multiple products The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. network low complexity haxx debian CWE-190 critical	9.8
2017-10-31	CVE-2017-1000257	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An IMAP FETCH response line indicates the size of the returned data, in number of bytes. network low complexity haxx debian CWE-119 critical	9.1