Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
HaxxLibcurl7.33.0

15 matches found

CVE
CVEadded 2014/11/18 3:59 p.m.184 views

CVE-2014-3613

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

5CVSS9.3AI score0.01343EPSS
CVE
CVEadded 2017/10/06 1:29 p.m.184 views

CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double ...

7.5CVSS7.6AI score0.01688EPSS
CVE
CVEadded 2017/10/05 1:29 a.m.179 views

CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...

6.5CVSS6.8AI score0.00455EPSS
CVE
CVEadded 2014/11/15 8:59 p.m.149 views

CVE-2014-3707

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.

4.3CVSS9.2AI score0.00277EPSS
CVE
CVEadded 2014/02/02 12:55 a.m.136 views

CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

4CVSS6.2AI score0.02575EPSS
CVE
CVEadded 2015/04/24 2:59 p.m.129 views

CVE-2015-3143

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

5CVSS7.3AI score0.02575EPSS
CVE
CVEadded 2015/01/15 3:59 p.m.125 views

CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

4.3CVSS8.7AI score0.0215EPSS
CVE
CVEadded 2015/04/24 2:59 p.m.124 views

CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

5CVSS9.1AI score0.01442EPSS
CVE
CVEadded 2014/04/15 2:55 p.m.123 views

CVE-2014-0138

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue t...

6.4CVSS6.3AI score0.02575EPSS
CVE
CVEadded 2014/04/15 2:55 p.m.120 views

CVE-2014-0139

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certifica...

5.8CVSS5.2AI score0.01203EPSS
CVE
CVEadded 2014/11/18 3:59 p.m.103 views

CVE-2014-3620

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

5CVSS7.1AI score0.01666EPSS
CVE
CVEadded 2015/04/24 2:59 p.m.103 views

CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote cha...

7.5CVSS9.4AI score0.65095EPSS
CVE
CVEadded 2013/12/23 10:55 p.m.74 views

CVE-2013-6422

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM...

4CVSS6.8AI score0.00344EPSS
CVE
CVEadded 2014/04/18 10:14 p.m.59 views

CVE-2014-2522

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP ...

4CVSS6AI score0.00245EPSS
CVE
CVEadded 2015/01/15 3:59 p.m.54 views

CVE-2014-8151

The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to...

5.8CVSS6.2AI score0.00424EPSS