Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haxx vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-42916
In curl prior to 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be byp...
Haxx Curl
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv3
CVE-2023-28319
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the ...
Haxx Curl
Apple Macos
Netapp Clustered Data Ontap -
Netapp Ontap Antivirus Connector -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
1 Github repository
5.9
CVSSv3
CVE-2023-28320
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()`...
Haxx Curl
Apple Macos
Netapp Clustered Data Ontap -
Netapp Ontap Antivirus Connector -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
1 Github repository
NA
CVE-2015-3153
The default configuration for cURL and libcurl prior to 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Oracle Enterprise Manager Ops Center 12.3.0
Oracle Enterprise Manager Ops Center 12.2.0
Oracle Enterprise Manager Ops Center 12.2.1
Oracle Enterprise Manager Ops Center
Haxx Libcurl
Haxx Curl
Canonical Ubuntu Linux 15.1
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Apple Mac Os X 10.10.4
Debian Debian Linux 8.0
9.1
CVSSv3
CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The pr...
Haxx Libcurl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
1 Article
7.3
CVSSv3
CVE-2016-0755
The ConnectionExists function in lib/url.c in libcurl prior to 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote malicious users to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Haxx Curl
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 7.0
6.5
CVSSv3
CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will i...
Haxx Curl
Netapp Clustered Data Ontap -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv3
CVE-2020-8231
Due to use of a dangling pointer, libcurl 7.29.0 up to and including 7.71.1 can use the wrong connection when sending data.
Haxx Libcurl
Siemens Sinec Infrastructure Network Services
Debian Debian Linux 10.0
Oracle Communications Cloud Native Core Policy 1.14.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv3
CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mecha...
Haxx Curl
Fedoraproject Fedora 37
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
9.8
CVSSv3
CVE-2018-16839
Curl versions 7.33.0 up to and including 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
Haxx Curl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »