Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haxx curl 7.38.0 vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The pr...
Haxx Libcurl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
1 Article
5.3
CVSSv3
CVE-2016-3739
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl prior to 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote malicious users to spo...
Haxx Curl 7.21.3
Haxx Curl 7.24.0
Haxx Curl 7.35.0
Haxx Curl 7.21.5
Haxx Curl 7.21.1
Haxx Curl 7.32.0
Haxx Curl 7.40.0
Haxx Curl 7.29.0
Haxx Curl 7.48.0
Haxx Curl 7.22.0
Haxx Curl 7.33.0
Haxx Curl 7.45.0
Haxx Curl 7.44.0
Haxx Curl 7.26.0
Haxx Curl 7.23.1
Haxx Curl 7.25.0
Haxx Curl 7.36.0
Haxx Curl 7.21.6
Haxx Curl 7.30.0
Haxx Curl 7.27.0
Haxx Curl 7.38.0
Haxx Curl 7.21.2
7.3
CVSSv3
CVE-2016-0755
The ConnectionExists function in lib/url.c in libcurl prior to 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote malicious users to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Haxx Curl
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
NA
CVE-2015-3153
The default configuration for cURL and libcurl prior to 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Haxx Libcurl
Haxx Curl
Canonical Ubuntu Linux 15.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Apple Mac Os X 10.10.4
Debian Debian Linux 8.0
NA
CVE-2015-3144
The fix_hostname function in cURL and libcurl 7.37.0 up to and including 7.41.0 does not properly calculate an index, which allows remote malicious users to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-leng...
Oracle Mysql Enterprise Monitor
Haxx Curl 7.40.0
Haxx Curl 7.38.0
Haxx Curl 7.41.0
Haxx Curl 7.37.1
Haxx Curl 7.37.0
Haxx Curl 7.39.0
Haxx Libcurl 7.37.0
Haxx Libcurl 7.40.0
Haxx Libcurl 7.41.0
Haxx Libcurl 7.38.0
Haxx Libcurl 7.37.1
Haxx Libcurl 7.39
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
NA
CVE-2015-3145
The sanitize_cookie_path function in cURL and libcurl 7.31.0 up to and including 7.41.0 does not properly calculate an index, which allows remote malicious users to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie pa...
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Haxx Curl 7.35.0
Haxx Curl 7.32.0
Haxx Curl 7.40.0
Haxx Curl 7.33.0
Haxx Curl 7.36.0
Haxx Curl 7.38.0
Haxx Curl 7.31.0
Haxx Curl 7.41.0
Haxx Curl 7.34.0
Haxx Curl 7.37.1
Haxx Curl 7.37.0
Haxx Curl 7.39.0
Apple Mac Os X 10.10.0
Apple Mac Os X 10.10.4
Apple Mac Os X 10.10.1
1 Github repository
NA
CVE-2014-3620
cURL and libcurl prior to 7.38.0 allow remote malicious users to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
Haxx Curl 7.35.0
Haxx Curl 7.32.0
Haxx Curl 7.33.0
Haxx Curl 7.36.0
Haxx Curl
Haxx Curl 7.31.0
Haxx Curl 7.34.0
Haxx Curl 7.37.0
Haxx Libcurl 7.37.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.36.0
Haxx Libcurl 7.34.0
Haxx Libcurl 7.31.0
Haxx Libcurl 7.35.0
Haxx Libcurl
Haxx Libcurl 7.32.0
Apple Mac Os X
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started