Lucene search
K

324 matches found

OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1331)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS6.1AI score0.00611EPSS
Exploits3References2
OSV
OSV
added 2026/03/12 11:48 a.m.8 views

CLSA-2026-1773316090 Fix CVE(s): CVE-2025-14524, CVE-2025-15079

SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allowauthtootherhosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override - debian/patches/CVE-2025-15079.patch: set...

5.3CVSS6.4AI score0.00611EPSS
Exploits2References1
F5 Networks
F5 Networks
added 2026/03/10 9:48 p.m.13 views

K000160292: Curl vulnerability CVE-2025-14524

Security Advisory Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. CVE-2025-14524 Impact The...

5.3CVSS5.8AI score0.00611EPSS
Exploits1
OSV
OSV
added 2026/03/10 2:33 p.m.7 views

CLSA-2026-1773153207 curl: Fix of 2 CVEs

CVE-2025-15079: libssh global knownhosts file override - CVE-2025-14524: bearer token leak on cross-protocol redirect...

5.3CVSS6.6AI score0.00611EPSS
Exploits2References1
OSV
OSV
added 2026/03/10 9:35 a.m.6 views

CLSA-2026-1773135327 curl: Fix of 2 CVEs

CVE-2025-14524: prevent bearer token leak on cross-protocol redirect - CVE-2025-15079: set both SSH knownhosts options to the same file to prevent libssh global knownhosts override...

5.3CVSS6.6AI score0.00611EPSS
Exploits2References1
OSV
OSV
added 2026/03/10 9:25 a.m.11 views

CLSA-2026-1773134717 curl: Fix of 2 CVEs

CVE-2025-14524: prevent bearer token leak on cross-protocol redirect - CVE-2025-15079: set both SSH knownhosts options to the same file to prevent libssh global knownhosts override...

5.3CVSS6.6AI score0.00611EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.3 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-1268)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl,changing TLS options in one thread would inadvertently change them globally and...

6.3CVSS5.9AI score0.00611EPSS
Exploits3References5
OSV
OSV
added 2026/03/02 9:31 a.m.7 views

CLSA-2026-1772443907 Fix CVE(s): CVE-2025-14524

SECURITY UPDATE: bearer token leakage to IMAP/LDAP/POP3/SMTP hosts via cross-protocol redirects - debian/patches/CVE-2025-14524.patch: Require permission when redirected for bearer use and prevent sending bearer token to other hosts; fix unconditional reuse of oauth bearer during redirects. -...

5.3CVSS6.4AI score0.00611EPSS
Exploits1References1
OSV
OSV
added 2026/02/21 8:59 a.m.10 views

CLSA-2026-1771664389 curl: Fix of 2 CVEs

CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...

5.3CVSS6.4AI score0.00611EPSS
Exploits2References1
OSV
OSV
added 2026/02/21 8:48 a.m.8 views

CLSA-2026-1771663697 curl: Fix of 2 CVEs

CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...

5.3CVSS6.4AI score0.00611EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.13 views

Tenable Security Center Multiple Vulnerabilities (TNS-2026-06)

According to its self-reported version, the Tenable Security Center running on the remote host prior or equal to 6.7.2 and missing relevant patches. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-06 advisory. - In PHP versions:8.1. before 8.1.34, 8.2. before...

8.8CVSS7.3AI score0.01165EPSS
Exploits7References13
Amazon
Amazon
added 2026/02/19 12:0 a.m.8 views

Medium: curl

Issue Overview: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. CVE-2025-10966 broken TLS options for threaded LDAPS NOTE:...

6.3CVSS5.6AI score0.00679EPSS
Exploits4
OSV
OSV
added 2026/01/23 12:22 p.m.10 views

OESA-2026-1195 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00679EPSS
Exploits3References5
OSV
OSV
added 2026/01/23 12:22 p.m.7 views

OESA-2026-1194 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00611EPSS
Exploits3References4
OSV
OSV
added 2026/01/23 12:22 p.m.8 views

OESA-2026-1193 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00611EPSS
Exploits3References4
OSV
OSV
added 2026/01/23 12:22 p.m.5 views

OESA-2026-1192 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00679EPSS
Exploits3References5
OSV
OSV
added 2026/01/23 12:22 p.m.6 views

OESA-2026-1191 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00679EPSS
Exploits3References5
OSV
OSV
added 2026/01/23 12:22 p.m.6 views

OESA-2026-1190 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00679EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004930)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004930 advisory. When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP...

5.3CVSS5.6AI score0.00611EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

Curl 7.33.0 < 8.18.0 OAuth2 Bearer Token Leak (CVE-2025-14524)

The version of curl installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability. - When an OAuth2 bearer token is used for an HTTPS transfer that performs a cross-protocol redirect to a second URL using IMAP, LDAP, POP3, or SMTP...

5.3CVSS6.4AI score0.00611EPSS
Exploits1References2
Rows per page
Query Builder