| Max CVSS | 6.4 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-0138 | 6.4 |
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connec
|
09-10-2018 - 19:36 | 15-04-2014 - 14:55 | |
| CVE-2014-0015 | 4.0 |
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
|
09-10-2018 - 19:35 | 02-02-2014 - 00:55 | |
| CVE-2014-0139 | 5.8 |
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to sp
|
16-12-2017 - 02:29 | 15-04-2014 - 14:55 | |
| CVE-2014-2522 | 4.0 |
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certifica
|
29-04-2017 - 01:59 | 18-04-2014 - 22:14 |