Lucene search
K

12 matches found

curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.8 views

password leak with netrc and user in URL

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is n...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References1Affected Software2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.15

A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...

5.9CVSS7.3AI score0.00149EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/25 2:42 p.m.157 views

Exploit for Incorrect Authorization in Canonical Ubuntu_Linux

CVE-2023-32629 — OverlayFS Local Full Privilege Escalation Ove...

7.8CVSS7.2AI score0.08894EPSS
Exploits12
RedHat Linux
RedHat Linux
added 2025/01/30 4:56 a.m.16 views

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

8.5CVSS5.7AI score0.0104EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/01/28 1:29 p.m.15 views

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

8.5CVSS5.7AI score0.0104EPSS
Exploits0References7
OSV
OSV
added 2024/12/16 12:24 p.m.4 views

USN-7162-1 curl vulnerability

Harry Sintonen discovered that curl incorrectly handled credentials from .netrc files when following HTTP redirects. In certain configurations, the password for the first host could be leaked to the followed-to host, contrary to expectations...

3.4CVSS6.9AI score0.01378EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.6 views

SUSE CVE-2021-20208

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity...

6.1CVSS6.4AI score0.00642EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2022/03/29 1:15 p.m.3 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

7.5CVSS5.9AI score0.0079EPSS
Exploits0References3
OSV
OSV
added 2021/04/19 10:15 p.m.2 views

DEBIAN-CVE-2021-20208

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity...

6.1CVSS6.6AI score0.00642EPSS
Exploits0References1
Veracode
Veracode
added 2019/05/27 12:57 a.m.22 views

Information Disclosure

foreman is vulnerable to information disclosure. Remote authenticated attacker with limited permissions for powering oVirt/RHV hosts on and off could discover the username and password used to connect to the compute resource...

8.8CVSS8.8AI score0.01798EPSS
Exploits0References93Affected Software221
CNVD
CNVD
added 2017/09/08 12:0 a.m.5 views

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Man-in-the-Middle Attack Vulnerability

The Medfusion 4000 Wireless Syringe Infusion Pump is a syringe infusion pump deployed in healthcare and public health for delivering small doses of medication in acute care settings. The Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump has a man-in-the-middle attack vulnerability that...

5.9CVSS6.4AI score0.00686EPSS
Exploits0References1
Metasploit
Metasploit
added 2014/11/05 8:12 p.m.66 views

ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure

ManageEngine Eventlog Analyzer from v7 to v9.9 b9002 has two security vulnerabilities that allow an unauthenticated user to obtain the superuser password of any managed Windows and AS/400 hosts. This module abuses both vulnerabilities to collect all the available usernames and passwords. First th...

7.5CVSS7.9AI score0.72757EPSS
Exploits10
Rows per page
Query Builder