Lucene search
+L

83 matches found

curl security advisories
curl security advisories
added 2026/03/11 8:0 a.m.15 views

bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS7.2AI score0.00259EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/03/11 8:0 a.m.3 views

CURL-CVE-2026-1965 bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS7AI score0.00259EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24661

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description libcurl may reuse an incorrect connection when handling Negotiate-authenticated HTTP or HTTPS requests. This occurs because libcurl maintains a pool of recent connections to avoid overhead. A...

7.5CVSS6.7AI score0.00715EPSS
Exploits3References77
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-1965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recen...

6.5CVSS6.8AI score0.00259EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/09/12 8:8 a.m.2 views

cups has Authentication bypass with AuthType Negotiate

...

8CVSS7AI score0.00964EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.104 views

K35453761: cURL and libcurl vulnerability CVE-2017-2628

Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RH...

9.8CVSS7.9AI score0.0401EPSS
Exploits0Affected Software19
Tenable Nessus
Tenable Nessus
added 2021/02/19 12:0 a.m.39 views

F5 Networks BIG-IP : cURL and libcurl vulnerability (K35453761)

cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6...

9.8CVSS7.1AI score0.17942EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2020/01/07 12:0 a.m.8 views

January 7, 2020, update for Office 2016 (KB4464586)

None None...

6.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:30 a.m.34 views

Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM)

Summary Multiple security vulnerabilities have been discovered in curl that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security...

5CVSS0.9AI score0.17942EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:30 p.m.38 views

Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection

Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Protection. Vulnerability Details CVEID:...

5CVSS0.7AI score0.17942EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2017/04/07 12:0 a.m.35 views

RedHat Update for curl RHSA-2017:0847-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.17942EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/03/29 6:32 a.m.60 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8CVSS6.6AI score0.17942EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/03/29 6:32 a.m.6 views

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server...

9.8CVSS6.8AI score0.17942EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2017/03/29 12:0 a.m.47 views

curl security update

7.19.7-53 - treat Negotiate authentication as connection-oriented CVE-2017-2628...

9.8CVSS9.4AI score0.0401EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/11/19 3:26 a.m.18 views

curl: Negotiate not treated as connection-oriented

It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could ...

5CVSS6.9AI score0.17942EPSS
Exploits0References5
securityvulns
securityvulns
added 2015/05/04 12:0 a.m.102 views

[ MDVSA-2015:220 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:220 http://www.mandriva.com/en/support/security/ Package : curl Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerabilities: NTLM-authenticated...

5CVSS8.6AI score0.17942EPSS
Exploits0
Mageia
Mageia
added 2015/05/03 12:19 a.m.46 views

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user CVE-2015-3143. When parsing HTTP cookies, if the parsed...

7.5CVSS8.8AI score0.3763EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/04/30 12:0 a.m.36 views

Debian DLA-211-1 : curl security update

Several vulnerabilities were discovered in cURL, an URL transfer library : CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to t...

5CVSS7.6AI score0.17942EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2015/04/24 12:0 a.m.49 views

curl: multiple issues

CVE-2015-3143 re-using authenticated connection when unauthenticated: libcurl keeps a pool of its last few connections around after use to fascilitate easy, conventient and completely transparent connection re-use for applications. When doing HTTP requests NTLM authenticated, the entire...

9CVSS0.3AI score0.3763EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2015/04/23 12:0 a.m.41 views

Debian DSA-3232-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to...

9CVSS7.6AI score0.3763EPSS
Exploits0References10
Rows per page
Query Builder