9 matches found
CVE-2025-63666
CVE-2025-63666 affects Tenda AC15 v15.03.05.18_multi. The flaw is that an authentication cookie exposes the account password hash to the client and uses a short, low-entropy session identifier. An attacker with network access or the ability to run JavaScript in a victim’s browser can steal the co...
RHEL 8 : curl (RHSA-2022:5313)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5313 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
RHEL 9 : curl (RHSA-2022:5245)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5245 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
ALSA-2022:5313 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576); curl: credential leak on redirect (CVE-2022-27774); curl:...
RLSA-2022:5313 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576); curl: credential leak on redirect (CVE-2022-27774); curl:...
Mageia: Security Advisory (MGASA-2022-0159)
The remote host is missing an update for the...
MGASA-2022-0159 Updated curl packages fix security vulnerability
OAUTH2 bearer bypass in connection re-use (CVE-2022-22576). Credential leak on redirect (CVE-2022-27774). Bad local IPv6 connection reuse (CVE-2022-27775). Auth/cookie leak on redirect (CVE-2022-27776)...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.83.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: OAUTH2 bearer bypass in connection...
Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect
Summary: curl/libcurl can be coaxed to leak Authorization / Cookie headers by redirecting request to http:// URL on the same host. Successful exploitation requires that the attacker can either Man-in-the-Middle the connection or can access the traffic at the recipient side for example by...