Lucene search
K

81 matches found

OSV
OSV
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00543EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/03 6:14 a.m.8 views

EUVD-2026-41504

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6AI score0.00543EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:14 a.m.18 views

CVE-2026-8458

CVE-2026-8458 affects libcurl where, under Negotiate-authenticated requests, a logical error can cause a reused connection to be authenticated for a different service. This could allow a request to be served using credentials for another service, impacting integrity (high) and potentially exposin...

6.5CVSS6AI score0.00543EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/03 6:14 a.m.50 views

CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

0.00543EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:14 a.m.7 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00543EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.12 views

libcurl 7.43.0 < 8.21.0 Wrong Negotiate Connection Reuse

The version of libcurl installed on the remote host is 7.43.0 prior to 8.21.0. It is, therefore, affected by an improper connection reuse vulnerability: - libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use...

6.5CVSS6AI score0.00543EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6.1AI score0.00543EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.6 views

wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS5.8AI score0.00543EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51746

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A logical error in the connection pooling mechanism allows the software to reuse an incorrect connection for Negotiate-authenticated requests. This occurs even when the requests are configure...

9.8CVSS5.8AI score0.0108EPSS
Exploits5References48
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2397)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

6.5CVSS7.8AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.16 views

EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2026-2368)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

6.5CVSS7.8AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2283)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

6.5CVSS7.4AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.13 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2238)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

6.5CVSS7.4AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2200)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

6.5CVSS7.4AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2026-2072)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...

6.5CVSS5.6AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-2097)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...

6.5CVSS5.6AI score0.00333EPSS
Exploits2References4
OSV
OSV
added 2026/05/29 1:33 p.m.13 views

OESA-2026-2477 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If...

7.5CVSS5.8AI score0.00639EPSS
Exploits7References8
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-29923

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References4
OSV
OSV
added 2026/05/13 1:1 p.m.8 views

ALPINE-CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS5.4AI score0.00414EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 1:1 p.m.11 views

CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS0.00414EPSS
Exploits1References3
Rows per page
Query Builder