324 matches found
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1331)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2026-1773316090 Fix CVE(s): CVE-2025-14524, CVE-2025-15079
SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allowauthtootherhosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override - debian/patches/CVE-2025-15079.patch: set...
K000160292: Curl vulnerability CVE-2025-14524
Security Advisory Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. CVE-2025-14524 Impact The...
CLSA-2026-1773153207 curl: Fix of 2 CVEs
CVE-2025-15079: libssh global knownhosts file override - CVE-2025-14524: bearer token leak on cross-protocol redirect...
CLSA-2026-1773135327 curl: Fix of 2 CVEs
CVE-2025-14524: prevent bearer token leak on cross-protocol redirect - CVE-2025-15079: set both SSH knownhosts options to the same file to prevent libssh global knownhosts override...
CLSA-2026-1773134717 curl: Fix of 2 CVEs
CVE-2025-14524: prevent bearer token leak on cross-protocol redirect - CVE-2025-15079: set both SSH knownhosts options to the same file to prevent libssh global knownhosts override...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-1268)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl,changing TLS options in one thread would inadvertently change them globally and...
CLSA-2026-1772443907 Fix CVE(s): CVE-2025-14524
SECURITY UPDATE: bearer token leakage to IMAP/LDAP/POP3/SMTP hosts via cross-protocol redirects - debian/patches/CVE-2025-14524.patch: Require permission when redirected for bearer use and prevent sending bearer token to other hosts; fix unconditional reuse of oauth bearer during redirects. -...
CLSA-2026-1771664389 curl: Fix of 2 CVEs
CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...
CLSA-2026-1771663697 curl: Fix of 2 CVEs
CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...
Tenable Security Center Multiple Vulnerabilities (TNS-2026-06)
According to its self-reported version, the Tenable Security Center running on the remote host prior or equal to 6.7.2 and missing relevant patches. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-06 advisory. - In PHP versions:8.1. before 8.1.34, 8.2. before...
Medium: curl
Issue Overview: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. CVE-2025-10966 broken TLS options for threaded LDAPS NOTE:...
OESA-2026-1195 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...
OESA-2026-1194 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...
OESA-2026-1193 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...
OESA-2026-1192 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...
OESA-2026-1191 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...
OESA-2026-1190 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004930)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004930 advisory. When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP...
Curl 7.33.0 < 8.18.0 OAuth2 Bearer Token Leak (CVE-2025-14524)
The version of curl installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability. - When an OAuth2 bearer token is used for an HTTPS transfer that performs a cross-protocol redirect to a second URL using IMAP, LDAP, POP3, or SMTP...