131 matches found
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the process that handles .netrc credential retrieval when a URL is specified with a username but without a password. An attacker can gain unauthorized access to sensitive information by exploiting...
CVE-2026-8926
CVE-2026-8926 affects curl when using a .netrc file for credentials while the URL contains a username (no password). The vulnerability can cause curl to fetch and use the password of another user for the same host if a matching host exists in .netrc, leading to credential disclosure. The issue is...
Astra Linux – Vulnerability in requests
Requests is an HTTP library. Due to an URL parsing issue, versions of Requests before 2.32.4 may expose .netrc credentials to third parties for specific, maliciously crafted URLs. Users should upgrade to version 2.32.4 to resolve this issue. For earlier versions of Requests, the use of the .netrc...
CVE-2026-47357
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
CVE-2026-47357
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
EUVD-2026-30957
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
SUSE-SU-2026:1940-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...
EUVD-2026-29930
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
netrc credential leak with reused proxy connection
...
CVE-2026-6429
CVE-2026-6429 affects curl/libcurl. When both a .netrc credentials usage and HTTP redirects are requested, the first-host password could be leaked to the redirected host. The issue is characterized in CVE lists as a netrc credential leak with reused proxy connection. Connected advisories (e.g., S...
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
curl 安全漏洞
curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability, which stems from improper handling of .netrc file credentials and HTTP redirection. This vulnerability may lead to password exposure...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016500)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016500 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-craft...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....
USN-8227-1 curl vulnerabilities
It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...
USN-8227-1: curl vulnerabilities
It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CURL-CVE-2026-6429 netrc credential leak with reused proxy connection
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the reuse of a proxy connection during HTTP redirects when using .netrc for credentials. An attacker can obtain sensitive credential information by intercepting traffic if both the...