curl (SUSE:Linux Enterprise Server 12 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP1 package curl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (18)
CVE-2016-7167 — CVSS 9.8 (critical): Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl…
CVE-2016-5421 — CVSS 8.1 (high): Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified…
CVE-2016-5419 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers…
CVE-2016-5420 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote…
CVE-2016-7141 — CVSS 7.5 (high): curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack…
CVE-2016-0755 — CVSS 7.3 (high): The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which…
CVE-2016-8620 — CVSS 6.5 (medium): The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled…
CVE-2016-9586 — CVSS 5.9 (medium): curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the…
CVE-2016-8618 — CVSS 5.3 (medium): The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t`…
CVE-2016-8615 — CVSS 5.3 (medium): A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for…
CVE-2016-8619 — CVSS 5.3 (medium): The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
CVE-2016-8621 — CVSS 5.3 (medium): The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit…
CVE-2016-8624 — CVSS 5.3 (medium): curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character…
CVE-2016-8622 — CVSS 3.7 (low): The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would…
CVE-2016-8616 — CVSS 3.7 (low): A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and…
CVE-2016-8623 — CVSS 3.3 (low): A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to…
CVE-2016-8617 — CVSS 3.3 (low): The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at…
CVE-2017-7407 — CVSS 2.4 (low): The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from…