CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

CNVD•added 2018/03/22 12:0 a.m.•0 views

Haxx libcurl man-in-the-middle attack vulnerability (CNVD-2018-07226)

Haxx libcurl is a free , open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. A security vulnerability exists in the 'verifycertificate' function in the lib/vtls/schannel.c file in Haxx libcurl versions 7.30.0 through...

8.1CVSS6.9AI score0.00397EPSS

Exploits0References1

CNVD•added 2018/03/22 12:0 a.m.•1 views

Haxx libcurl 'verify_certificate' function out-of-bounds read vulnerability

Haxx libcurl is a free , open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. A security vulnerability exists in the 'verifycertificate' function in the libtls/schannel.c file in Haxx libcurl versions 7.30.0 through...

9.8CVSS6.8AI score0.00557EPSS

Exploits0References1

UbuntuCve•added 2018/03/12 9:29 p.m.•22 views

CVE-2016-9953

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

9.8CVSS7.3AI score0.00557EPSS

Exploits0References2

Prion•added 2018/03/12 9:29 p.m.•13 views

Out-of-bounds

7.5CVSS8.2AI score0.00557EPSS

Exploits0References2Affected Software1

Prion•added 2018/03/12 9:29 p.m.•19 views

Code injection

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

6.8CVSS7AI score0.00397EPSS

Exploits0References2Affected Software1