High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-24	CVE-2024-6197	Unspecified vulnerability in Haxx Libcurl libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. network low complexity haxx	7.5
2023-09-15	CVE-2023-38039	Allocation of Resources Without Limits or Throttling vulnerability in multiple products When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. network low complexity haxx fedoraproject microsoft CWE-770	7.5
2023-05-26	CVE-2023-28319	Use After Free vulnerability in multiple products A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. network low complexity haxx apple netapp CWE-416	7.5
2023-03-30	CVE-2023-27533	Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. network low complexity haxx fedoraproject netapp splunk CWE-74	8.8
2023-03-30	CVE-2023-27534	Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. network low complexity haxx fedoraproject netapp broadcom splunk CWE-22	8.8
2022-12-23	CVE-2022-43551	Cleartext Transmission of Sensitive Information vulnerability in multiple products A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. network low complexity haxx fedoraproject netapp splunk CWE-319	7.5
2022-10-29	CVE-2022-42915	Double Free vulnerability in multiple products curl before 7.86.0 has a double free. network high complexity haxx fedoraproject netapp apple splunk CWE-415	8.1
2022-10-29	CVE-2022-42916	Cleartext Transmission of Sensitive Information vulnerability in multiple products In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. network low complexity haxx fedoraproject apple splunk CWE-319	7.5
2022-06-02	CVE-2022-27775	An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. network low complexity haxx debian netapp brocade splunk	7.5
2022-06-02	CVE-2022-27778	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. network low complexity haxx netapp oracle splunk CWE-706	8.1