34 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : curl vulnerabilities (USN-8084-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8084-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate- authenticated HTTP or HTTPS requests...
Siemens SIMATIC and SCALANCE Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-0167)
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...
Advisory ROSA-SA-2025-2997
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-4 affected versions curl-8.7.1-4 CVE-ID: CVE-2024-11053 BDU-ID: 2024-11106 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of servic...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1715)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1870)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TencentOS Server 4: curl (TSSA-2025:0237)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0237 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Security Bulletin: AIX is vulnerable to sensitive information disclosure (CVE-2025-0167, CVE-2024-11053) and a denial of service (CVE-2024-9681) due to cURL libcurl
Summary Vulnerabilities in cURL libcurl could allow a remote attacker to obtain sensitive information CVE-2025-0167, CVE-2024-11053 or cause a denial of service CVE-2024-9681. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with...
SUSE: Security Advisory (SUSE-SU-2025:0369-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1407)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1408)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Azure Linux 3.0 Security Update: curl / mysql (CVE-2025-0167)
The version of curl / mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0167 advisory. - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the...
CBL Mariner 2.0 Security Update: curl / mysql (CVE-2025-0167)
The version of curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0167 advisory. - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the...
CVE-2025-0167 affecting package curl for versions less than 8.8.0-6
CVE-2025-0167 affecting package curl for versions less than 8.8.0-6. A patched version of the package is available...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1330)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-0167 affecting package curl for versions less than 8.11.1-3
CVE-2025-0167 affecting package curl for versions less than 8.11.1-3. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2025-0167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under...
Photon OS 5.0: Curl PHSA-2025-5.0-0479
An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0479. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
openSUSE Security Advisory (SUSE-SU-2025:0369-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2025:0369-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0369-1 advisory. - CVE-2025-0725: Fixed gzip integer overflow bsc1236590 - CVE-2025-0167: Fixed netrc and default...
Curl 7.76.0 < 8.12.0 Default Credential Leak (CVE-2025-0167)
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...