Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-19	CVE-2024-32928	The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. network high complexity google haxx	5.9
2024-07-31	CVE-2024-7264	Out-of-bounds Read vulnerability in Haxx Libcurl libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. network low complexity haxx CWE-125	6.5
2024-07-24	CVE-2024-6874	Out-of-bounds Read vulnerability in Haxx Libcurl 8.8.0 libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. network low complexity haxx CWE-125	4.3
2023-03-30	CVE-2023-27535	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. network high complexity haxx fedoraproject debian netapp splunk CWE-287	5.9
2023-03-30	CVE-2023-27536	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. network high complexity haxx fedoraproject debian netapp splunk CWE-287	5.9
2023-03-30	CVE-2023-27537	Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". network high complexity haxx netapp broadcom splunk CWE-415	5.9
2023-03-30	CVE-2023-27538	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. local low complexity haxx fedoraproject debian netapp broadcom splunk CWE-287	5.5
2021-04-01	CVE-2021-22876	Information Exposure vulnerability in multiple products curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. network low complexity haxx fedoraproject netapp broadcom debian siemens oracle splunk CWE-200	5.3
2018-07-16	CVE-2017-7468	Improper Certificate Validation vulnerability in Haxx Libcurl In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. network low complexity haxx CWE-295	5.0
2018-01-24	CVE-2018-1000005	Out-of-bounds Read vulnerability in multiple products libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. network low complexity haxx debian canonical CWE-125	6.4