|
265531
|
9.8 |
CRITICAL
Network
|
haxx
|
curl
|
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user-controlled input.
|
CWE-125 CWE-190
Out-of-bounds Read Integer Overflow or Wraparound
|
CVE-2016-8620
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265532
|
9.8 |
CRITICAL
Network
|
haxx
|
curl
|
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
|
CWE-415
Double Free
|
CVE-2016-8619
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265533
|
5.9 |
MEDIUM
Network
|
haxx
|
curl
|
A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an u…
|
CWE-255
Credentials Management
|
CVE-2016-8616
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265534
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookie…
|
-
|
CVE-2016-8615
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265535
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out-of-bounds read if it receives an input with one digit short.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-8621
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265536
|
7.0 |
HIGH
Local
|
haxx
|
curl
|
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under-allocated on 32-bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
|
-
|
CVE-2016-8617
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265537
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different ho…
|
-
|
CVE-2016-8624
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265538
|
9.8 |
CRITICAL
Network
|
haxx
|
libcurl
|
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than …
|
CWE-787
Out-of-bounds Write
|
CVE-2016-8622
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265539
|
9.8 |
CRITICAL
Network
|
haxx
|
curl
|
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32-bit `size_t` variables.
|
CWE-415
Double Free
|
CVE-2016-8618
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|
|
265540
|
7.5 |
HIGH
Network
|
redhat
|
ansible
|
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key which matches the short key ID and i…
|
CWE-320
Key Management Errors
|
CVE-2016-8614
|
2024-11-21 11:59 |
2018-08-1 |
|
|
|