Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2018-16840 Use After Free vulnerability in multiple products
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle.
network
low complexity
haxx canonical CWE-416
7.5
7.5
2018-10-31 CVE-2018-16839 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
network
low complexity
haxx debian canonical CWE-119
critical
 9.8
9.8
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
 10.0
10
2018-08-23 CVE-2003-1605 Credentials Management vulnerability in Haxx Curl
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
network
low complexity
haxx CWE-255
5.0
5.0
2018-08-01 CVE-2016-8625 Improper Input Validation vulnerability in Haxx Curl
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
network
low complexity
haxx CWE-20
7.5
7.5
2018-08-01 CVE-2016-8623 Use After Free vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.0.
network
low complexity
haxx CWE-416
7.5
7.5
2018-08-01 CVE-2016-8620 Integer Overflow or Wraparound vulnerability in Haxx Curl
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
network
low complexity
haxx CWE-190
critical
 9.8
9.8
2018-08-01 CVE-2016-8619 Double Free vulnerability in Haxx Curl
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
network
low complexity
haxx CWE-415
critical
 9.8
9.8
2018-08-01 CVE-2016-8616 Credentials Management vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections.
network
high complexity
haxx CWE-255
5.9
5.9
2018-08-01 CVE-2016-8615 Resource Injection vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.
network
low complexity
haxx CWE-99
7.5
7.5