Lucene search
K

27 matches found

OSV
OSV
added 2026/06/30 9:34 p.m.6 views

USN-8487-1 curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.00783EPSS
Exploits10References11
OSV
OSV
added 2026/06/30 10:27 a.m.4 views

SUSE-SU-2026:2703-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-5773: wrong reuse of SMB connection bsc1262633. - CVE-2026-6253: proxy credentials leak over...

7.5CVSS7.1AI score0.00639EPSS
Exploits6References13
OSV
OSV
added 2026/06/17 8:57 a.m.2 views

SUSE-SU-2026:22156-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. - CVE-2026-6276: stale custom...

7.5CVSS5.8AI score0.00639EPSS
Exploits5References11
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.11 views

SUSE SLES15 Security Update : curl (SUSE-SU-2026:1940-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1940-1 advisory. Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP...

7.5CVSS7.2AI score0.00639EPSS
Exploits5References19
OSV
OSV
added 2026/05/16 12:16 a.m.10 views

CLSA-2026-1778890582 curl: Fix of CVE-2026-5545

CVE-2026-5545: wrong reuse of HTTP Negotiate connection; only allow an existing connection to be reused and "upgraded" to NTLM when neither NTLM nor Negotiate authentication is in flight on it...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References1
OSV
OSV
added 2026/05/16 12:3 a.m.16 views

CLSA-2026-1778889816 curl: Fix of CVE-2026-5545

CVE-2026-5545: wrong reuse of HTTP Negotiate connection; only allow an existing connection to be reused and "upgraded" to NTLM when neither NTLM nor Negotiate authentication is in flight on it...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References1
OSV
OSV
added 2026/04/30 2:46 p.m.4 views

SUSE-SU-2026:21452-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS7.1AI score0.00639EPSS
Exploits5References13
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.10 views

Fedora 44 : curl (2026-f13d888b0f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f13d888b0f advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2026/04/19 12:0 a.m.9 views

Fedora 42 : curl (2026-907bbf2a13)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-907bbf2a13 advisory. - fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - fix token leak with redirect and netrc CVE-2026-3783 - fix wrong proxy connection reuse...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References5
OSV
OSV
added 2026/03/23 10:3 a.m.5 views

CLSA-2026-1774260216 Fix CVE(s): CVE-2026-1965, CVE-2026-3783, CVE-2026-3784

SECURITY UPDATE: reuse of connections using HTTP Negotiate - debian/patches/CVE-2026-1965.patch: fix reuse of connections using HTTP Negotiate and fix copy and paste urlmatchauthnego mistake. - CVE-2026-1965 Bearer token sent without checking auth is allowed - debian/patches/CVE-2026-3783.patch:...

6.5CVSS5.8AI score0.00333EPSS
Exploits2References1
OSV
OSV
added 2026/03/23 9:47 a.m.6 views

CLSA-2026-1774259220 curl: Fix of 3 CVEs

CVE-2026-1965: fix incorrect connection reuse; prevent reuse of Negotiate- authenticated connections with different credentials and require authentication identity match - CVE-2026-3784: fix wrong proxy connection reuse with different credentials; check proxy user/password in proxyinfomatches to...

6.5CVSS7.1AI score0.00333EPSS
Exploits2References1
OSV
OSV
added 2026/03/20 9:37 a.m.2 views

SUSE-SU-2026:20918-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References9
OSV
OSV
added 2026/03/20 9:36 a.m.1 views

OPENSUSE-SU-2026:20404-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.9AI score0.00715EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.4 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0911-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0911-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References13
SUSE Linux
SUSE Linux
added 2026/03/18 8:52 a.m.7 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. Patch Instructions: To install this SUSE update...

7.5CVSS5.7AI score0.00333EPSS
Exploits2References12
SUSE Linux
SUSE Linux
added 2026/03/17 7:57 p.m.9 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References16
OSV
OSV
added 2026/03/17 7:56 p.m.2 views

SUSE-SU-2026:0911-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References9
SUSE Linux
SUSE Linux
added 2026/03/17 10:4 a.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

7.5CVSS5.7AI score0.00715EPSS
Exploits4References16
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.16 views

Curl 7.10.6 < 8.19.0 Authentication Bypass

The version of curl installed on the remote host is 7.10.6 prior to 8.19.0. It is, therefore, affected by an authentication bypass vulnerability: - libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a po...

6.5CVSS7.1AI score0.00259EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2026:0885-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0885-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and net...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References13
Rows per page
Query Builder