High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-14	CVE-2020-8177	Injection vulnerability in multiple products curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. local low complexity haxx debian fujitsu siemens splunk CWE-74	7.8
2020-12-14	CVE-2020-8169	Information Exposure vulnerability in multiple products curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). network low complexity haxx siemens debian splunk CWE-200	7.5
2020-02-21	CVE-2016-4606	Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-09-20 Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. network low complexity haxx apple	7.5
2019-05-28	CVE-2019-5436	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. local low complexity haxx opensuse fedoraproject debian f5 netapp oracle CWE-787	7.8
2019-02-06	CVE-2019-3823	Out-of-bounds Read vulnerability in multiple products libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. network low complexity haxx canonical debian netapp oracle CWE-125	7.5
2019-02-06	CVE-2018-16890	Integer Overflow or Wraparound vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. network low complexity haxx canonical debian netapp siemens oracle redhat f5 CWE-190	7.5
2018-10-31	CVE-2018-16840	Use After Free vulnerability in multiple products A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. network low complexity haxx canonical CWE-416	7.5
2018-08-01	CVE-2016-8625	Improper Input Validation vulnerability in Haxx Curl curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. network low complexity haxx CWE-20	7.5
2018-08-01	CVE-2016-8623	Use After Free vulnerability in Haxx Curl A flaw was found in curl before version 7.51.0. network low complexity haxx CWE-416	7.5
2018-08-01	CVE-2016-8615	Resource Injection vulnerability in Haxx Curl A flaw was found in curl before version 7.51. network low complexity haxx CWE-99	7.5