15 matches found
CLSA-2026-1774260216 Fix CVE(s): CVE-2026-1965, CVE-2026-3783, CVE-2026-3784
SECURITY UPDATE: reuse of connections using HTTP Negotiate - debian/patches/CVE-2026-1965.patch: fix reuse of connections using HTTP Negotiate and fix copy and paste urlmatchauthnego mistake. - CVE-2026-1965 Bearer token sent without checking auth is allowed - debian/patches/CVE-2026-3783.patch:...
CLSA-2026-1774259901 curl: Fix of 3 CVEs
CVE-2026-1965: fix incorrect connection reuse; prevent reuse of Negotiate-authenticated connections with different credentials and require authentication identity match - CVE-2026-3784: fix wrong proxy connection reuse with different credentials; check proxy user/password in proxyinfomatches to...
SUSE-SU-2026:20760-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
OPENSUSE-SU-2026:20404-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
SUSE SLES12 Security Update : curl (SUSE-SU-2026:0921-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0921-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. -...
Ubuntu 18.04 LTS / 20.04 LTS : curl vulnerabilities (USN-8099-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8099-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This cou...
USN-8099-1: curl vulnerabilities
Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. CVE-2026-1965 It was...
Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1460)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1460 advisory. A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences...
Security Bulletin: IBM Robotic Process Automation is vulnerable to proxy credential exposure in upgrade logs (CVE-2022-39168)
Summary: IBM Robotic Process Automation Client is vulnerable to proxy credential exposure in upgrade logs. Vulnerability Details: CVEID: CVE-2022-39168 DESCRIPTION: IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. CVSS Base score: 4.6 CVSS...
Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software
Summary: This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Cross-Site Scripting (XSS) Vulnerability: Addressed an issue that could allow an attacker to inject malicious...
CVE-2023-28086
An HPE OneView appliance dump may expose proxy credential settings...
Code injection
An HPE OneView appliance dump may expose proxy credential settings...
CVE-2023-28086
An HPE OneView appliance dump may expose proxy credential settings...
PT-2023-21545 · Hewlett Packard · Hpe Oneview
Name of the Vulnerable Software and Affected Versions: HPE OneView affected versions not specified Description: The issue concerns the exposure of proxy credential settings through an HPE OneView appliance dump. Recommendations: At the moment, there is no information about a newer version that...
CVE-2023-25721
Veracode Scan Jenkins Plugin exposes proxy credentials in logs for versions prior to 23.3.19.0 when proxy is used with credentials and Jenkins global debug is enabled, and a scan runs on remote agent jobs. The root cause is information disclosure in job logs accessible to users who can view logs,...