Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : curl vulnerabilities (USN-8084-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8084-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate- authenticated HTTP or HTTPS requests...

CLSA-2025-1764029592 curl: Fix of CVE-2025-0167

CVE-2025-0167: fix password leakage issue when using .netrc file with no login or password in default entry and following HTTP redirects...

Siemens SIMATIC and SCALANCE Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-0167)

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

EUVD-2021-0167

Malware in sbrugna...

Advisory ROSA-SA-2025-2997

software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-4 affected versions curl-8.7.1-4 CVE-ID: CVE-2024-11053 BDU-ID: 2024-11106 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of servic...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1870)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1715)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

TencentOS Server 4: curl (TSSA-2025:0237)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0237 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Security Bulletin: AIX is vulnerable to sensitive information disclosure (CVE-2025-0167, CVE-2024-11053) and a denial of service (CVE-2024-9681) due to cURL libcurl

Summary Vulnerabilities in cURL libcurl could allow a remote attacker to obtain sensitive information CVE-2025-0167, CVE-2024-11053 or cause a denial of service CVE-2024-9681. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with...

SUSE: Security Advisory (SUSE-SU-2025:0369-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-0167

The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2020-0167

In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-129475100...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1408)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1407)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CBL Mariner 2.0 Security Update: curl / mysql (CVE-2025-0167)

The version of curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0167 advisory. - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the...

Azure Linux 3.0 Security Update: curl / mysql (CVE-2025-0167)

The version of curl / mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0167 advisory. - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the...

CVE-2025-0167 affecting package curl for versions less than 8.8.0-6

CVE-2025-0167 affecting package curl for versions less than 8.8.0-6. A patched version of the package is available...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1330)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-0167 affecting package curl for versions less than 8.11.1-3

CVE-2025-0167 affecting package curl for versions less than 8.11.1-3. A patched version of the package is available...

Linux Distros Unpatched Vulnerability : CVE-2025-0167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under...