Lucene search

HaxxCurl

9 matches found

added 2011/09/06 7:55 p.m., 637 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP...

CVSS 4.3 | AI score 6.5 | EPSS 0.04513
added 2020/12/14 8:15 p.m., 358 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service bann...

CVSS 4.3 | AI score 6 | EPSS 0.00108
added 2019/05/28 7:29 p.m., 323 views

CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

CVSS 4.3 | AI score 5.8 | EPSS 0.00177
added 2022/07/07 1:15 p.m., 238 views

CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl

CVSS 4.3 | AI score 6.2 | EPSS 0.0164
added 2022/06/02 2:15 p.m., 187 views

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the ...

CVSS 4.3 | AI score 5.4 | EPSS 0.0005
added 2014/02/02 12:55 a.m., 140 views

CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

CVSS 4 | AI score 6.2 | EPSS 0.02575
added 2013/11/23 11:55 a.m., 74 views

CVE-2013-4545

cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an ar...

CVSS 4.3 | AI score 6.9 | EPSS 0.00666
added 2014/04/18 10:14 p.m., 60 views

CVE-2014-2522

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP ...

CVSS 4 | AI score 6 | EPSS 0.00245
added 2025/05/28 7:15 a.m., 60 views

CVE-2025-5025

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC an...

CVSS 4.8 | AI score 6.5 | EPSS 0.0002