Filtered by vendor Haxx
Subscribe
Total
147 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7167 | 2 Fedoraproject, Haxx | 2 Fedora, Libcurl | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | |||||
CVE-2016-7141 | 2 Haxx, Opensuse | 2 Libcurl, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | |||||
CVE-2016-0755 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2024-02-28 | 5.0 MEDIUM | 7.3 HIGH |
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. | |||||
CVE-2015-3237 | 3 Haxx, Hp, Oracle | 5 Curl, Libcurl, System Management Homepage and 2 more | 2024-02-28 | 6.4 MEDIUM | N/A |
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | |||||
CVE-2016-5419 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | |||||
CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2024-02-28 | 5.0 MEDIUM | N/A |
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | |||||
CVE-2014-0139 | 1 Haxx | 2 Curl, Libcurl | 2024-02-28 | 5.8 MEDIUM | N/A |
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
CVE-2015-3145 | 8 Apple, Canonical, Debian and 5 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-02-28 | 7.5 HIGH | N/A |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | |||||
CVE-2015-3148 | 7 Apple, Canonical, Debian and 4 more | 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more | 2024-02-28 | 5.0 MEDIUM | N/A |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | |||||
CVE-2014-0015 | 1 Haxx | 2 Curl, Libcurl | 2024-02-28 | 4.0 MEDIUM | N/A |
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. | |||||
CVE-2015-3144 | 4 Canonical, Debian, Haxx and 1 more | 5 Ubuntu Linux, Debian Linux, Curl and 2 more | 2024-02-28 | 9.0 HIGH | N/A |
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." | |||||
CVE-2014-8151 | 2 Apple, Haxx | 2 Mac Os X, Libcurl | 2024-02-28 | 5.8 MEDIUM | N/A |
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
CVE-2015-3143 | 5 Apple, Canonical, Debian and 2 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2024-02-28 | 5.0 MEDIUM | N/A |
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | |||||
CVE-2014-8150 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Libcurl | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. | |||||
CVE-2014-2522 | 2 Haxx, Microsoft | 3 Curl, Libcurl, Windows | 2024-02-28 | 4.0 MEDIUM | N/A |
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
CVE-2015-3153 | 5 Apple, Canonical, Debian and 2 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | |||||
CVE-2014-0138 | 2 Debian, Haxx | 3 Debian Linux, Curl, Libcurl | 2024-02-28 | 6.4 MEDIUM | N/A |
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. | |||||
CVE-2014-3613 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2024-02-28 | 5.0 MEDIUM | N/A |
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | |||||
CVE-2014-3707 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | |||||
CVE-2013-0249 | 2 Canonical, Haxx | 3 Ubuntu Linux, Curl, Libcurl | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. |