Lucene search
K

148 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: curl (UTSA-2025-987465)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987465 advisory. 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear...

7.5CVSS6.3AI score0.01301EPSS
Exploits1References4
Redos
Redos
added 2025/10/06 12:0 a.m.6 views

ROS-20251006-02

A vulnerability in the curl program is related to boundary conditions when reading the cookie path. Exploitation The vulnerability could allow a remote attacker to cause a denial of service...

7.5CVSS6.9AI score0.01301EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29014

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.01301EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2025/09/26 9:21 a.m.2 views

Security update for curl

This update for curl fixes the following issues: tooloperate: fix return code when --retry is used but not triggered bsc1249367 Security fixes: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348 Patch Instructions: To...

7.5CVSS7.2AI score0.01301EPSS
Exploits1References10
OSV
OSV
added 2025/09/26 9:20 a.m.2 views

SUSE-SU-2025:20802-1 Security update for curl

This update for curl fixes the following issues: - tooloperate: fix return code when --retry is used but not triggered bsc1249367 - Security fixes: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References6
OSV
OSV
added 2025/09/25 10:52 a.m.3 views

SUSE-SU-2025:20824-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggere...

7.5CVSS6.9AI score0.01301EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2025/09/25 10:50 a.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...

7.5CVSS7.6AI score0.01301EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/09/22 12:0 a.m.3 views

Fedora 41 : curl (2025-4daec13254)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-4daec13254 advisory. - fix Out of bounds read for cookie path CVE-2025-9086 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

7.5CVSS6.5AI score0.01301EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/20 12:0 a.m.6 views

Fedora 42 : curl (2025-97ae15dc56)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-97ae15dc56 advisory. - Fix Out of bounds read for cookie path CVE-2025-9086 - Fix predictable WebSocket mask CVE-2025-10148 Tenable has extracted the preceding descripti...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References3
OSV
OSV
added 2025/09/19 1:13 p.m.5 views

OESA-2025-2319 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl contains an out-of-bounds read vulnerability in cookie path comparison logic. When a secure cookie is set via HTTPS and then the client is...

7.5CVSS7AI score0.01301EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2025/09/13 1:5 a.m.4 views

Out of bounds read for cookie path

...

7.5CVSS7AI score0.01301EPSS
Exploits1
OSV
OSV
added 2025/09/12 6:15 a.m.3 views

DEBIAN-CVE-2025-9086

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/09/12 5:10 a.m.11 views

CVE-2025-9086 Out of bounds read for cookie path

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

0.01301EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/12 5:10 a.m.4 views

CVE-2025-9086 Out of bounds read for cookie path

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

6.2AI score0.01301EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2025/09/12 5:10 a.m.4 views

CVE-2025-9086

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

7.5CVSS6.8AI score0.01301EPSS
Exploits1
CVE
CVE
added 2025/09/12 5:10 a.m.75 views

CVE-2025-9086

CVE-2025-9086 affects curl’s curl/libcurl component. Reports indicate an out-of-bounds read when handling a cookie path for a secure cookie, which can cause a crash or potentially allow memory-read conditions. The vulnerability is documented across multiple advisories and vendor pages, including ...

7.5CVSS6.2AI score0.01301EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.8 views

Curl 7.31.0 < 8.16.0 Out of Bounds Read (CVE-2025-9086)

The version of Curl installed on the remote host is 7.31.0 prior to 8.16.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-9086 advisory. - A cookie is set using the secure keyword for https://target. Curl is redirected to or otherwise made to speak with http://target...

7.5CVSS6.7AI score0.01301EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2025/09/11 12:55 p.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348. Patch...

7.5CVSS7.2AI score0.01301EPSS
Exploits1References8
OSV
OSV
added 2025/09/11 12:55 p.m.3 views

SUSE-SU-2025:03173-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References5
Hacker One
Hacker One
added 2025/08/11 4:28 p.m.12 views

curl: CVE-2025-9086: Out of bounds read for cookie path

We are tracking this issue with the public ID BIGSLEEP-437903454. Please use this identifier for reference in any future communication. Vulnerability Details In the cookie support found in cookie.c, there's an out-of-bounds string comparison that results from a crafted sequence of cookie...

7.5CVSS6.9AI score0.01301EPSS
Exploits1
Rows per page
Query Builder