haxx curl vulnerabilities and exploits
606
VMScore
CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Haxx Curl
605
VMScore
CVE-2016-9952
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 up to and including 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote malicious users to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server ce...
Haxx Curl
1 Github repository
445
VMScore
CVE-2003-1605
curl 7.x prior to 7.10.7 sends CONNECT proxy credentials to the remote server.
Haxx Curl
356
VMScore
CVE-2017-2629
curl prior to 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even whe...
Haxx Curl
668
VMScore
CVE-2016-9953
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 up to and including 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote malicious users to obtain sensitive information, cause a denial of service (crash), or possibly have unspec...
Haxx Curl
1 Github repository
NA
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
Haxx Curl 8.5.0
1 Github repository
NA
CVE-2020-19909
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, fo...
Haxx Curl 7.65.2
NA
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It coul...
Haxx Curl
Fedoraproject Fedora 39
NA
CVE-2023-46219
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
Haxx Curl
Fedoraproject Fedora 38
1 Github repository
NA
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl...
Haxx Curl
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder