Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2019-3823 Out-of-bounds Read vulnerability in multiple products
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.
network
low complexity
haxx canonical debian netapp oracle CWE-125
7.5
7.5
2019-02-06 CVE-2019-3822 Out-of-bounds Write vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.
network
low complexity
haxx canonical debian netapp siemens oracle redhat CWE-787
critical
 9.8
9.8
2019-02-06 CVE-2018-16890 Integer Overflow or Wraparound vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. 		7.5
7.5
2018-10-31 CVE-2018-16842 Out-of-bounds Read vulnerability in multiple products
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
network
low complexity
haxx canonical debian CWE-125
6.4
6.4
2018-10-31 CVE-2018-16840 Use After Free vulnerability in multiple products
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle.
network
low complexity
haxx canonical CWE-416
7.5
7.5
2018-10-31 CVE-2018-16839 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
network
low complexity
haxx debian canonical CWE-119
critical
 9.8
9.8
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
 10.0
10
2018-08-23 CVE-2003-1605 Credentials Management vulnerability in Haxx Curl
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
network
low complexity
haxx CWE-255
5.0
5.0
2018-08-01 CVE-2016-8625 Improper Input Validation vulnerability in Haxx Curl
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
network
low complexity
haxx CWE-20
7.5
7.5
2018-08-01 CVE-2016-8623 Use After Free vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.0.
network
low complexity
haxx CWE-416
7.5
7.5