Vulnerabilities > Haxx > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-31 | CVE-2016-8621 | Out-of-bounds Read vulnerability in Haxx Curl The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | 7.5 |
| 2018-07-31 | CVE-2016-8617 | Unspecified vulnerability in Haxx Curl The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. | 7.0 |
| 2018-07-31 | CVE-2016-8624 | Unspecified vulnerability in Haxx Curl curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. | 7.5 |
| 2018-07-16 | CVE-2017-7468 | Improper Certificate Validation vulnerability in Haxx Libcurl In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. | 7.5 |
| 2018-04-23 | CVE-2016-9594 | Improper Initialization vulnerability in Haxx Curl curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. | 8.1 |
| 2018-04-23 | CVE-2016-9586 | Unspecified vulnerability in Haxx Curl curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. | 8.1 |
| 2018-03-14 | CVE-2018-1000121 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service | 7.5 |
| 2018-03-12 | CVE-2016-9952 | Improper Certificate Validation vulnerability in Haxx Curl The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." | 8.1 |
| 2017-10-06 | CVE-2017-1000254 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Libcurl libcurl may read outside of a heap allocated buffer when doing FTP. | 7.5 |
| 2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 7.5 |