curl (SUSE:Linux Enterprise Server for SAP Applications 12 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP1 package curl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2016-7167 — CVSS 9.8 (critical): Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl…
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2018-1000301 — CVSS 9.1 (critical): curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can…
CVE-2016-5421 — CVSS 8.1 (high): Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified…
CVE-2019-5436 — CVSS 7.8 (high): A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2016-7141 — CVSS 7.5 (high): curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack…
CVE-2016-5420 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote…
CVE-2016-5419 — CVSS 7.5 (high): curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers…
CVE-2018-16890 — CVSS 7.5 (high): libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2…
CVE-2016-0755 — CVSS 7.3 (high): The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which…
CVE-2016-8620 — CVSS 6.5 (medium): The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled…
CVE-2016-9586 — CVSS 5.9 (medium): curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the…
CVE-2016-8624 — CVSS 5.3 (medium): curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character…
CVE-2016-8615 — CVSS 5.3 (medium): A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for…
CVE-2016-8621 — CVSS 5.3 (medium): The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit…
CVE-2016-8619 — CVSS 5.3 (medium): The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
CVE-2016-8618 — CVSS 5.3 (medium): The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t`…
CVE-2019-3823 — CVSS 4.3 (medium): libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for…
CVE-2018-16839 — CVSS 4.3 (medium): Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2016-8622 — CVSS 3.7 (low): The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would…
CVE-2016-8616 — CVSS 3.7 (low): A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and…
CVE-2016-8617 — CVSS 3.3 (low): The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at…
CVE-2016-8623 — CVSS 3.3 (low): A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to…
CVE-2017-7407 — CVSS 2.4 (low): The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from…