325 matches found
SUSE-SU-2026:0052-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...
SUSE-SU-2026:0050-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...
CURL-CVE-2025-14524 bearer token leak on cross-protocol redirect
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
bearer token leak on cross-protocol redirect
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
Linux Distros Unpatched Vulnerability : CVE-2025-14524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or...
CVE-2025-14524
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
UBUNTU-CVE-2025-14524
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
curl: CVE-2025-14524: bearer token leak on cross-protocol redirect
Summary: A vulnerability exists in libcurl regarding the handling of OAuth2 Bearer tokens CURLOPTXOAUTH2BEARER during HTTP redirects. While libcurl correctly clears standard authentication credentials CURLOPTUSERPWD when following a redirect to a different host, port, or protocol a security...
BIT-NGINX-GATEWAY-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
Siemens SIMATIC S7-1500 Insufficiently Protected Credentials (CVE-2022-27774)
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...
EUVD-2018-6562
Malware in sbrugna...
EUVD-2018-12937
Malware in sbrugna...
EUVD-2016-1698
Malware in sbrugna...
EUVD-2018-19507
Malware in sbrugna...
EUVD-2021-26922
Malware in sbrugna...
EUVD-2021-27510
Malicious code in bioql PyPI...
EUVD-2025-4010
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-7544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password...
CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2018-20379
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001...