Vulnerabilities > Haxx
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-22 | CVE-2020-19909 | Integer Overflow or Wraparound vulnerability in Haxx Curl 7.65.2 Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. | 3.3 |
2023-05-26 | CVE-2023-28319 | Use After Free vulnerability in multiple products A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. | 7.5 |
2023-05-26 | CVE-2023-28320 | Resource Exhaustion vulnerability in multiple products A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. | 5.9 |
2023-05-26 | CVE-2023-28321 | Improper Certificate Validation vulnerability in multiple products An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. | 5.9 |
2023-05-26 | CVE-2023-28322 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. | 3.7 |
2023-03-30 | CVE-2023-27533 | Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
2023-03-30 | CVE-2023-27534 | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
2023-03-30 | CVE-2023-27535 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. | 5.9 |
2023-03-30 | CVE-2023-27536 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. | 5.9 |
2023-03-30 | CVE-2023-27537 | Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". | 5.9 |