Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haxx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28320
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()`...
Haxx Curl
Apple Macos
Netapp Clustered Data Ontap -
Netapp Ontap Antivirus Connector -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
1 Github repository
5
CVSSv2
CVE-2020-8169
curl 7.62.0 up to and including 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Haxx Curl
Siemens Simatic Tim 1531 Irc Firmware
Debian Debian Linux 10.0
Siemens Sinec Infrastructure Network Services
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
1 Github repository
NA
CVE-2022-42916
In curl prior to 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be byp...
Haxx Curl
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5
CVSSv2
CVE-2015-3153
The default configuration for cURL and libcurl prior to 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center
Haxx Libcurl
Haxx Curl
Canonical Ubuntu Linux 15.1
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Apple Mac Os X 10.10.4
Debian Debian Linux 8.0
5
CVSSv2
CVE-2016-0755
The ConnectionExists function in lib/url.c in libcurl prior to 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote malicious users to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Haxx Curl
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
6.4
CVSSv2
CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The pr...
Haxx Libcurl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
1 Article
NA
CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will i...
Haxx Curl
Netapp Clustered Data Ontap -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5
CVSSv2
CVE-2020-8231
Due to use of a dangling pointer, libcurl 7.29.0 up to and including 7.71.1 can use the wrong connection when sending data.
Haxx Libcurl
Siemens Sinec Infrastructure Network Services
Debian Debian Linux 10.0
Oracle Communications Cloud Native Core Policy 1.14.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
NA
CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mecha...
Haxx Curl
Fedoraproject Fedora 37
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
NA
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously ...
Haxx Curl
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Apple Macos
Netapp Clustered Data Ontap -
Netapp Ontap Antivirus Connector -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »