CVE-2025-0167

LOW Year: 2025
CVSS v3 Score
3.4
Low
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

Related Vulnerabilities

CVE-2016-3484

LOW
CVSS:3.4(Low)

Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.

NVD-CWE-Other2016

CVE-2017-10088

LOW
CVSS:3.4(Low)

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabili...

NVD-CWE-Other2017

CVE-2018-3136

LOW
CVSS:3.4(Low)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u1...

NVD-CWE-Other2018

CVE-2018-6678

LOW
CVSS:3.4(Low)

Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via ...

NVD-CWE-Other2018

CVE-2019-2605

LOW
CVSS:3.4(Low)

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Web Catalog). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 ...

NVD-CWE-Other2019

CVE-2019-2786

LOW
CVSS:3.4(Low)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211...

NVD-CWE-Other2019