High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-08-10	CVE-2016-5421	Use After Free vulnerability in multiple products Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. network high complexity opensuse haxx canonical debian fedoraproject CWE-416	8.1
2016-08-10	CVE-2016-5420	Improper Authorization vulnerability in multiple products curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. network low complexity debian haxx opensuse CWE-285	7.5
2016-08-10	CVE-2016-5419	Cryptographic Issues vulnerability in multiple products curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. network low complexity haxx debian opensuse CWE-310	7.5
2016-06-24	CVE-2016-4802	Permissions, Privileges, and Access Controls vulnerability in Haxx Curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. local low complexity haxx CWE-264	7.8
2016-01-29	CVE-2016-0755	Improper Authentication vulnerability in multiple products The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. network low complexity haxx canonical debian CWE-287	7.3
2005-05-02	CVE-2005-0490	Incorrect Calculation of Buffer Size vulnerability in Haxx Curl and Libcurl Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. network low complexity haxx CWE-131	8.8