Haxx CVE - CVE Search - CVE Details

Filtered by vendor Haxx Subscribe

Total 125 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2013-0249	2 Canonical, Haxx	3 Ubuntu Linux, Curl, Libcurl	2016-12-07	7.5 HIGH	N/A
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.
CVE-2013-1944	2 Canonical, Haxx	3 Ubuntu Linux, Curl, Libcurl	2016-09-08	5.0 MEDIUM	N/A
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
CVE-2013-4545	1 Haxx	2 Curl, Libcurl	2016-06-16	4.3 MEDIUM	N/A
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-6422	3 Canonical, Debian, Haxx	3 Ubuntu Linux, Debian Linux, Libcurl	2016-04-07	4.0 MEDIUM	N/A
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
CVE-2016-0754	2 Haxx, Microsoft	2 Curl, Windows	2016-02-17	5.0 MEDIUM	5.3 MEDIUM
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.

Vulnerabilities (CVE)