148 matches found
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: curl (UTSA-2025-987465)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987465 advisory. 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear...
ROS-20251006-02
A vulnerability in the curl program is related to boundary conditions when reading the cookie path. Exploitation The vulnerability could allow a remote attacker to cause a denial of service...
EUVD-2025-29014
Malicious code in bioql PyPI...
Security update for curl
This update for curl fixes the following issues: tooloperate: fix return code when --retry is used but not triggered bsc1249367 Security fixes: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348 Patch Instructions: To...
SUSE-SU-2025:20802-1 Security update for curl
This update for curl fixes the following issues: - tooloperate: fix return code when --retry is used but not triggered bsc1249367 - Security fixes: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348...
SUSE-SU-2025:20824-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggere...
Security update for curl
This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...
Fedora 41 : curl (2025-4daec13254)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-4daec13254 advisory. - fix Out of bounds read for cookie path CVE-2025-9086 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 42 : curl (2025-97ae15dc56)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-97ae15dc56 advisory. - Fix Out of bounds read for cookie path CVE-2025-9086 - Fix predictable WebSocket mask CVE-2025-10148 Tenable has extracted the preceding descripti...
OESA-2025-2319 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl contains an out-of-bounds read vulnerability in cookie path comparison logic. When a secure cookie is set via HTTPS and then the client is...
Out of bounds read for cookie path
...
DEBIAN-CVE-2025-9086
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...
CVE-2025-9086 Out of bounds read for cookie path
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...
CVE-2025-9086 Out of bounds read for cookie path
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...
CVE-2025-9086
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...
CVE-2025-9086
CVE-2025-9086 affects curl’s curl/libcurl component. Reports indicate an out-of-bounds read when handling a cookie path for a secure cookie, which can cause a crash or potentially allow memory-read conditions. The vulnerability is documented across multiple advisories and vendor pages, including ...
Curl 7.31.0 < 8.16.0 Out of Bounds Read (CVE-2025-9086)
The version of Curl installed on the remote host is 7.31.0 prior to 8.16.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-9086 advisory. - A cookie is set using the secure keyword for https://target. Curl is redirected to or otherwise made to speak with http://target...
Security update for curl
This update for curl fixes the following issues: CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348. Patch...
SUSE-SU-2025:03173-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348...
curl: CVE-2025-9086: Out of bounds read for cookie path
We are tracking this issue with the public ID BIGSLEEP-437903454. Please use this identifier for reference in any future communication. Vulnerability Details In the cookie support found in cookie.c, there's an out-of-bounds string comparison that results from a crafted sequence of cookie...