haxx libcurl vulnerabilities and exploits
384
VMScore
CVE-2019-5435
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
Haxx Curl
383
VMScore
CVE-2021-22922
When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different...
Haxx Curl
Fedoraproject Fedora 33
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Oracle Mysql Server
Siemens Sinec Infrastructure Network Services
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
1 Github repository
383
VMScore
CVE-2021-22897
curl 7.61.0 up to and including 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable...
Haxx Curl
Oracle Mysql Server
Oracle Essbase
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Netapp Cloud Backup -
Netapp Solidfire & Hci Management Node -
Netapp Solidfire Baseboard Management Controller Firmware -
Netapp Solidfire, Enterprise Sds & Hci Storage Node -
Netapp Hci Compute Node Firmware -
Netapp H300e Firmware -
Netapp H300s Firmware -
Netapp H410s Firmware -
Netapp H500e Firmware -
Netapp H500s Firmware -
Netapp H700e Firmware -
Netapp H700s Firmware -
Siemens Sinec Infrastructure Network Services
383
VMScore
CVE-2017-1000099
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provided callback), which could lead to other priva...
Haxx Libcurl 7.54.1
383
VMScore
CVE-2013-4545
cURL and libcurl 7.18.0 up to and including 7.32.0, when built with OpenSSL, disable the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle malicious...
Haxx Curl 7.21.3
Haxx Curl 7.24.0
Haxx Curl 7.18.0
Haxx Curl 7.21.5
Haxx Curl 7.21.1
Haxx Curl 7.32.0
Haxx Curl 7.19.1
Haxx Curl 7.19.6
Haxx Curl 7.29.0
Haxx Curl 7.22.0
Haxx Curl 7.20.0
Haxx Curl 7.20.1
Haxx Curl 7.26.0
Haxx Curl 7.19.7
Haxx Curl 7.19.3
Haxx Curl 7.23.1
Haxx Curl 7.25.0
Haxx Curl 7.19.0
Haxx Curl 7.21.6
Haxx Curl 7.30.0
Haxx Curl 7.27.0
Haxx Curl 7.19.4
383
VMScore
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 up to and including 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Haxx Libcurl
Apple Mac Os X
Fedoraproject Fedora 15
Fedoraproject Fedora 14
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
356
VMScore
CVE-2017-2629
curl prior to 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even whe...
Haxx Curl
356
VMScore
CVE-2014-2522
curl and libcurl 7.27.0 up to and including 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when acces...
Haxx Curl 7.27.0
Haxx Curl 7.28.0
Haxx Curl 7.28.1
Haxx Curl 7.29.0
Haxx Curl 7.30.0
Haxx Curl 7.31.0
Haxx Curl 7.32.0
Haxx Curl 7.33.0
Haxx Curl 7.34.0
Haxx Curl 7.35.0
Haxx Libcurl 7.27.0
Haxx Libcurl 7.28.0
Haxx Libcurl 7.28.1
Haxx Libcurl 7.29.0
Haxx Libcurl 7.30.0
Haxx Libcurl 7.31.0
Haxx Libcurl 7.32.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.34.0
Haxx Libcurl 7.35.0
Haxx Libcurl 7.36.0
356
VMScore
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 up to and including 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof server...
Debian Debian Linux 7.0
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Haxx Libcurl 7.30.0
Haxx Libcurl 7.25.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.23.0
Haxx Libcurl 7.26.0
Haxx Libcurl 7.31.0
Haxx Libcurl 7.22.0
Haxx Libcurl 7.28.0
Haxx Libcurl 7.21.5
Haxx Libcurl 7.24.0
Haxx Libcurl 7.27.0
Haxx Libcurl 7.23.1
Haxx Libcurl 7.21.6
Haxx Libcurl 7.21.7
Haxx Libcurl 7.32.0
Haxx Libcurl 7.29.0
Haxx Libcurl 7.28.1
232
VMScore
CVE-2021-22923
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents ...
Haxx Curl
Fedoraproject Fedora 33
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Oracle Mysql Server
Siemens Sinec Infrastructure Network Services
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder