167 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2025-987462)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987462 advisory. When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, a...
EUVD-2025-1837
Malicious code in bioql PyPI...
[SECURITY] Fedora 42 Update: suricata-7.0.11-1.fc42
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
jetty-server: Jetty: Gzip Request Body Buffer Corruption
A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...
K000151312: cURL vulnerability CVE-2025-0725
Security Advisory Description When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. CVE-2025-0725...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1502)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-1503)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option,using zlib...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-1502)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option,using zlib...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1408)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1407)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1350)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the...
[SECURITY] Fedora 41 Update: suricata-7.0.10-1.fc41
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-1313)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-1330)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...
Linux Distros Unpatched Vulnerability : CVE-2025-0725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or...
Tenable Identity Exposure < 3.77.9 Multiple Vulnerabilities (TNS-2025-01)
The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.9. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2025-01, including the following: - libcurl would wrongly close the same eventfd file descriptor twice when taking down a...
CBL Mariner 2.0 Security Update: curl / mysql (CVE-2025-0725)
The version of curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0725 advisory. - When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with th...
Buffer Overflow
libcurl.so is vulnerable to a Buffer Overflow. The vulnerability is due to an attacker-controlled integer overflow due to the use of zlib when performing automatic gzip decompression with the CURLOPTACCEPTENCODING option, leading to a potential buffer overflow...
CVE-2025-0725
A flaw was found in libcurl. This vulnerability allows an attacker to trigger a buffer overflow via an integer overflow in zlib 1.2.0.3 or older when libcurl performs automatic gzip decompression. Mitigation Mitigation for this issue is either not available or the currently available options do n...
SUSE CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...