Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2018-08-01 CVE-2016-8623 Unspecified vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.0.
network
low complexity
haxx
7.5
2018-08-01 CVE-2016-8620 Integer Overflow or Wraparound vulnerability in Haxx Curl
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
network
low complexity
haxx CWE-190
critical
9.8
2018-08-01 CVE-2016-8619 Double Free vulnerability in Haxx Curl
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
network
low complexity
haxx CWE-415
critical
9.8
2018-08-01 CVE-2016-8616 Credentials Management vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections.
network
high complexity
haxx CWE-255
5.9
2018-08-01 CVE-2016-8615 Unspecified vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.
network
low complexity
haxx
7.5
2018-07-31 CVE-2016-8621 Out-of-bounds Read vulnerability in Haxx Curl
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
network
low complexity
haxx CWE-125
7.5
2018-07-31 CVE-2016-8617 Unspecified vulnerability in Haxx Curl
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
local
high complexity
haxx
7.0
2018-07-31 CVE-2016-8624 Unspecified vulnerability in Haxx Curl
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host.
network
low complexity
haxx
7.5
2018-07-31 CVE-2016-8622 Out-of-bounds Write vulnerability in Haxx Libcurl
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`.
network
low complexity
haxx CWE-787
critical
9.8
2018-07-31 CVE-2016-8618 Double Free vulnerability in Haxx Curl
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
network
low complexity
haxx CWE-415
critical
9.8