Lucene search
+L

119 matches found

Redos
Redos
added 2025/04/24 12:0 a.m.66 views

ROS-20250424-05

Vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of the of service data. Exploitation of the vulnerability could allow an attacker acting remotely to access credentials with HTTP redirection to another resource. access to credentials...

3.4CVSS7.2AI score0.01378EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/04/13 12:0 a.m.9 views

CBL Mariner 2.0 Security Update: curl / mysql (CVE-2025-0167)

The version of curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0167 advisory. - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the...

3.4CVSS6.4AI score0.00663EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.11 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1349)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the...

7.3CVSS6.9AI score0.01378EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2025/03/20 12:0 a.m.24 views

EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1290)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the...

3.4CVSS6.8AI score0.01378EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/02/06 3:48 a.m.6 views

SUSE CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

5.3CVSS7AI score0.00663EPSS
Exploits1References8
OSV
OSV
added 2025/02/05 10:15 a.m.9 views

AZL-56478 CVE-2025-0167 affecting package curl for versions less than 8.8.0-6

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS6.6AI score0.00663EPSS
Exploits1References1
NVD
NVD
added 2025/02/05 10:15 a.m.9 views

CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS0.00663EPSS
Exploits1References4
OSV
OSV
added 2025/02/05 10:15 a.m.10 views

AZL-56501 CVE-2025-0167 affecting package curl for versions less than 8.11.1-3

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS6.6AI score0.00663EPSS
Exploits1References1
OSV
OSV
added 2025/02/05 10:15 a.m.5 views

ALPINE-CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS7AI score0.00663EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/05 9:15 a.m.10 views

CVE-2025-0167 netrc and default credential leak

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

6.8AI score0.00663EPSS
Exploits1References3
CVE
CVE
added 2025/02/05 9:15 a.m.366 views

CVE-2025-0167

The CVE-2025-0167 issue affects curl (libcurl) and arises when both using a .netrc for credentials and following HTTP redirects. The root cause, as described across connected documents, is that the netrc entry can omit login and password (or a default entry omits both), which may allow the passwo...

3.4CVSS7AI score0.00663EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/02/05 9:15 a.m.18 views

CVE-2025-0167 netrc and default credential leak

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS6.7AI score0.00663EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/02/05 9:15 a.m.27 views

CVE-2025-0167 netrc and default credential leak

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

0.00663EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/02/05 9:15 a.m.17 views

CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS7.4AI score0.00663EPSS
Exploits1
curl security advisories
curl security advisories
added 2025/02/05 8:0 a.m.38 views

netrc and default credential leak

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS6.8AI score0.00663EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2025/02/05 8:0 a.m.27 views

CURL-CVE-2025-0167 netrc and default credential leak

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS4AI score0.00663EPSS
Exploits1
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.2 views

curl 安全漏洞

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.76.0 through 8.11.1, which stems from the fact that when using a .netrc file and following an HTTP redirect, it is possible to disclose passwords to the target host of the...

3.4CVSS6.1AI score0.00663EPSS
Exploits1References3
OSV
OSV
added 2025/02/05 12:0 a.m.2 views

UBUNTU-CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

3.4CVSS7.1AI score0.00663EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.1 views

PT-2025-5688

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw...

7.5CVSS6.6AI score0.01378EPSS
Exploits7References61
OSV
OSV
added 2025/01/30 7:13 p.m.6 views

BIT-GOLANG-2024-45340

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file...

8.8CVSS7.8AI score0.00685EPSS
Exploits0References4
Rows per page
Query Builder