24 matches found
CURL-CVE-2026-8926 password leak with netrc and user in URL
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is n...
SUSE SLES15 Security Update : curl (SUSE-SU-2026:1940-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1940-1 advisory. Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP...
curl: CVE-2026-6429: netrc credential leak with reused proxy connection
Summary: libcurl can leak .netrc-derived host Authorization credentials across redirected hosts when an HTTP proxy connection is reused. In the PoC, .netrc contains credentials only for a.test, but after a.test redirects to b.test and then c.test over the same keep-alive proxy connection, libcurl...
EulerOS Virtualization 2.10.1 : python-pip (EulerOS-SA-2026-1143)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests...
MiracleLinux 8 : resource-agents-4.9.0-54.el8_10.16 (AXSA:2025-10823:08)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10823:08 advisory. requests: Requests vulnerable to .netrc credentials leak via malicious URLs CVE-2024-47081 Tenable has extracted the preceding description block directly fr...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2025-1351)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1351 advisory. When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This...
Medium: curl
Issue Overview: When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect...
Medium: aws-cfn-bootstrap
Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...
EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2025-2561)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third...
TencentOS Server 3: python-requests (TSSA-2025:0851)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0851 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.9)
The version of AOS installed on the remote host is prior to 7.0.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.9 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number o...
EulerOS 2.0 SP11 : python-pip (EulerOS-SA-2025-2243)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for...
Moderate: Red Hat Security Advisory: python-requests security update
An update for python-requests is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: resource-agents security update
An update for resource-agents is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: resource-agents security update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fixes: requests: Requests vulnerable to .netrc credentials leak via malicious...
ALSA-2025:14750 Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: requests: Requests vulnerable to .netrc credentials leak via malicious...
Oracle Linux 10 : python-requests (ELSA-2025-13604)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-13604 advisory. 2.32.4-1 - Update to 2.32.4 - Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs Resolves: RHEL-105460 Tenable has extracted the...
Security update for python-requests
This update for python-requests fixes the following issues: CVE-2024-47081: Fixed incorrect URL processing leading to .netrc credential leak bsc1244039 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2025:01999-1 Security update for python-requests
This update for python-requests fixes the following issues: - CVE-2024-47081: fixed netrc credential leak bsc1244039...
Security update for curl
This update for curl fixes the following issues: CVE-2025-0725: Fixed gzip integer overflow bsc1236590 CVE-2025-0167: Fixed netrc and default credential leak bsc1236588 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...