| Max CVSS | 9.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-3148 | 5.0 |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
|
30-10-2018 - 16:27 | 24-04-2015 - 14:59 | |
| CVE-2015-3145 | 7.5 |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via
|
30-10-2018 - 16:27 | 24-04-2015 - 14:59 | |
| CVE-2015-3237 | 6.4 |
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
|
17-10-2018 - 01:29 | 22-06-2015 - 19:59 | |
| CVE-2015-3236 | 5.0 |
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain
|
17-10-2018 - 01:29 | 22-06-2015 - 19:59 | |
| CVE-2015-3144 | 9.0 |
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via
|
17-10-2018 - 01:29 | 24-04-2015 - 14:59 | |
| CVE-2015-3143 | 5.0 |
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
|
05-01-2018 - 02:30 | 24-04-2015 - 14:59 |