Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haxx vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-8169
curl 7.62.0 up to and including 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Haxx Curl
Siemens Simatic Tim 1531 Irc Firmware
Debian Debian Linux 10.0
Siemens Sinec Infrastructure Network Services
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
1 Github repository
7.5
CVSSv3
CVE-2020-8231
Due to use of a dangling pointer, libcurl 7.29.0 up to and including 7.71.1 can use the wrong connection when sending data.
Haxx Libcurl
Siemens Sinec Infrastructure Network Services
Debian Debian Linux 10.0
Oracle Communications Cloud Native Core Policy 1.14.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv3
CVE-2020-8285
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
Haxx Libcurl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Bootstrap Os -
Netapp Hci Storage Node Firmware -
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Mac Os X 10.15.7
Apple Macos
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Essbase 21.2
Oracle Communications Cloud Native Core Policy 1.14.0
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Fujitsu M12-1 Firmware
7.5
CVSSv3
CVE-2020-8286
curl 7.41.0 up to and including 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
Haxx Libcurl
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Bootstrap Os -
Netapp Hci Storage Node Firmware -
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Mac Os X 10.15.7
Apple Macos
Siemens Simatic Tim 1531 Irc Firmware
Siemens Sinec Infrastructure Network Services
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Essbase 21.2
Oracle Communications Cloud Native Core Policy 1.14.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
2 Github repositories
7.5
CVSSv3
CVE-2019-3823
libcurl versions from 7.34.0 to prior to 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
7.5
CVSSv3
CVE-2018-16890
libcurl versions from 7.36.0 to prior to 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vul...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Siemens Sinema Remote Connect Client
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Redhat Enterprise Linux 8.0
F5 Big-ip Access Policy Manager
1 Github repository
7.5
CVSSv3
CVE-2003-1605
curl 7.x prior to 7.10.7 sends CONNECT proxy credentials to the remote server.
Haxx Curl
7.5
CVSSv3
CVE-2017-7468
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the ol...
Haxx Libcurl
7.3
CVSSv3
CVE-2016-0755
The ConnectionExists function in lib/url.c in libcurl prior to 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote malicious users to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Haxx Curl
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
6.5
CVSSv3
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It coul...
Haxx Curl
Fedoraproject Fedora 39
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »