VYPR

rpm package

suse/curl&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP6

pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6

Vulnerabilities (4)

  • CVE-2026-3784MedMar 11, 2026
    affected < 8.14.1-150600.4.40.1fixed 8.14.1-150600.4.40.1

    curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

  • CVE-2026-3805Mar 11, 2026
    affected < 8.14.1-150600.4.40.1fixed 8.14.1-150600.4.40.1

    When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

  • CVE-2026-3783Mar 11, 2026
    affected < 8.14.1-150600.4.40.1fixed 8.14.1-150600.4.40.1

    When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .ne

  • CVE-2026-1965Mar 11, 2026
    affected < 8.14.1-150600.4.40.1fixed 8.14.1-150600.4.40.1

    libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connectio