Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haxx curl vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-3620
cURL and libcurl prior to 7.38.0 allow remote malicious users to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
Haxx Curl 7.35.0
Haxx Curl 7.32.0
Haxx Curl 7.33.0
Haxx Curl 7.36.0
Haxx Curl
Haxx Curl 7.31.0
Haxx Curl 7.34.0
Haxx Curl 7.37.0
Haxx Libcurl 7.37.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.36.0
Haxx Libcurl 7.34.0
Haxx Libcurl 7.31.0
Haxx Libcurl 7.35.0
Haxx Libcurl
Haxx Libcurl 7.32.0
Apple Mac Os X
410
VMScore
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 up to and including 7.64.1.
Haxx Libcurl
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Debian Debian Linux 10.0
F5 Traffix Signaling Delivery Controller
Netapp Steelstore Cloud Integrated Storage -
Netapp Solidfire -
Netapp Hci Management Node -
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Mysql Server
Oracle Oss Support Tools 20.0
409
VMScore
CVE-2020-8177
curl 7.20.0 up to and including 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Haxx Curl
Debian Debian Linux 10.0
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Fujitsu M12-1 Firmware
Fujitsu M12-2 Firmware
Fujitsu M12-2s Firmware
Siemens Sinec Infrastructure Network Services
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
392
VMScore
CVE-2019-5443
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can d...
Haxx Curl
Oracle Http Server 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Oss Support Tools 20.0
Oracle Http Server 12.2.1.4.0
Oracle Mysql Server
Netapp Snapcenter -
Netapp Oncommand Unified Manager
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
1 Github repository
384
VMScore
CVE-2022-32205
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requ...
Haxx Curl
Fedoraproject Fedora 35
Debian Debian Linux 11.0
Netapp Element Software -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
Siemens Scalance Sc622-2c Firmware
Siemens Scalance Sc626-2c Firmware
Siemens Scalance Sc632-2c Firmware
Siemens Scalance Sc636-2c Firmware
Siemens Scalance Sc642-2c Firmware
Siemens Scalance Sc646-2c Firmware
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
384
VMScore
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, a...
Haxx Curl
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Element Software -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Bootstrap Os -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Siemens Scalance Sc622-2c Firmware
Siemens Scalance Sc626-2c Firmware
Siemens Scalance Sc632-2c Firmware
Siemens Scalance Sc636-2c Firmware
Siemens Scalance Sc642-2c Firmware
Siemens Scalance Sc646-2c Firmware
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
384
VMScore
CVE-2021-22947
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of ca...
Haxx Curl
Fedoraproject Fedora 33
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp Solidfire Baseboard Management Controller Firmware -
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Server
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
2 Github repositories
1 Article
384
VMScore
CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case ins...
Haxx Libcurl
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Netapp Solidfire & Hci Management Node -
Netapp Solidfire Baseboard Management Controller Firmware -
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Server
Siemens Sinec Infrastructure Network Services
Siemens Sinema Remote Connect Server
Siemens Logo! Cmr2040 Firmware
Siemens Logo! Cmr2020 Firmware
Siemens Ruggedcomrm 1224 Lte Firmware
Siemens Scalance M804pb Firmware
Siemens Scalance M812-1 Firmware
Siemens Scalance M816-1 Firmware
Siemens Scalance M826-2 Firmware
384
VMScore
CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as ...
Haxx Libcurl
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Storage Node -
Broadcom Fabric Operating System -
Debian Debian Linux 9.0
Siemens Sinec Infrastructure Network Services
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Essbase 21.2
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
384
VMScore
CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and previous versions into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing p...
Haxx Curl
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Storage Node -
Netapp Hci Bootstrap Os -
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Mac Os X 10.15.7
Apple Macos 11.0.1
Apple Macos 11.1
Apple Macos 11.2
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Essbase 21.2
Oracle Communications Cloud Native Core Policy 1.14.0
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »