
201 matches found

OSV
added 2026/05/04 1:12 p.m. | 3 views

JLSEC-2026-437 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a...

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

CVSS 5.3 | AI score 7.1 | EPSS 0.00028
Exploits 1 | References 6

Rosalinux
added 2026/03/22 9:2 p.m. | 6 views

Advisory ROSA-SA-2026-3234

software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-6 affected versions curl-8.7.1-6 CVE-ID: CVE-2025-14017 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In multi-threaded LDAPS transfers in libcurl, changing TLS options in one thread changed them globally and could affect other...

CVSS 6.3 | AI score 6 | EPSS 0.00003
Exploits 0

SUSE Linux
added 2026/03/18 8:52 a.m. | 5 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. Patch Instructions: To install this SUSE update...

CVSS 7.5 | AI score 5.7 | EPSS 0.00073
Exploits 2 | References 12

Tenable Nessus
added 2026/03/13 12:0 a.m. | 4 views

SUSE SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2026:0885-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0885-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and net...

CVSS 7.5 | AI score 7.2 | EPSS 0.00073
Exploits 4 | References 13

Hacker One
added 2026/02/26 10:53 a.m. | 12 views

curl: RTSP RTP Interleaved Parser Assertion Failure (Zero-Length RTP Payload)

Summary: I am submitting this as a security issue primarily due to how it was discovered and that it's my first Curl submission, but I suspect I might be overly cautious here. This issue was discovered as part of the AIXCC competition, and I am assisting on reporting true positive findings to...

AI score 5.9
Exploits 0

OSV
added 2026/01/30 10:9 p.m. | 5 views

RLSA-2026:1350 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 For more details about the security issues, including...

CVSS 5.3 | AI score 5.9 | EPSS 0.00275
Exploits 1 | References 2

OSV
added 2026/01/29 10:20 a.m. | 3 views

RHSA-2026:1477 Red Hat Security Advisory: curl security update

Bulletin has no description...

CVSS 5.3 | AI score 5.8 | EPSS 0.00275
Exploits 1 | References 11

OSV
added 2026/01/15 9:31 a.m. | 3 views

SUSE-SU-2026:20358-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105...

CVSS 6.3 | AI score 6.1 | EPSS 0.00003
Exploits 0 | References 3

OPENSUSE Linux
added 2026/01/15 12:0 a.m. | 2 views

Security update for curl (moderate)

openSUSE security update: security update for curl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20031-1 Rating: moderate References: bsc1255731 bsc1255732 bsc1255733 bsc1255734 bsc1256105 Cross-References: CVE-2025-14017 CVE-2025-14524...

CVSS 7 | AI score 6.9 | EPSS 0.00067
Exploits 3 | References 5

SUSE Linux
added 2026/01/09 7:7 a.m. | 3 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

CVSS 7 | AI score 6.9 | EPSS 0.00003
Exploits 0 | References 4

OSV
added 2026/01/08 3:18 p.m. | 1 views

SUSE-SU-2026:20042-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

CVSS 5.3 | AI score 6.1 | EPSS 0.00067
Exploits 3 | References 9

OSV
added 2026/01/07 9:28 a.m. | 2 views

SUSE-SU-2026:0052-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

CVSS 5.3 | AI score 5.8 | EPSS 0.00067
Exploits 3 | References 9

OSV
added 2026/01/04 12:0 a.m. | 1 views

DLA-4432-1 curl - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.9 | EPSS 0.00275
Exploits 1

Hacker One
added 2025/12/31 2:45 p.m. | 11 views

curl: A quiet New Year wish for security researchers

Hi curl Security Team and fellow security researchers, Sorry in advance if this isn’t a traditional security report. I know your time is valuable, and I truly respect the work you all do. I just wanted to take a quiet moment to wish every security researcher here those who report issues, those wh...

AI score 6.8
Exploits 0

AlmaLinux
added 2025/12/16 12:0 a.m. | 7 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 For more details about the security issues, including...

CVSS 7.5 | AI score 7.5 | EPSS 0.00275
Exploits 1 | References 4

OSV
added 2025/12/12 10:7 a.m. | 3 views

RHSA-2025:23127 Red Hat Security Advisory: curl security update

Bulletin has no description...

CVSS 5.3 | AI score 6.9 | EPSS 0.00275
Exploits 1 | References 11

OSV
added 2025/11/26 2:28 p.m. | 0 views

SUSE-SU-2025:21145-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 - CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348 Other fixes: - tooloperate: fix...

CVSS 7.5 | AI score 6.8 | EPSS 0.00275
Exploits 1 | References 8

CNNVD
added 2025/11/07 12:0 a.m. | 1 views

curl security vulnerability

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl that stems from the lack of a host authentication mechanism when SFTP uses the wolfSSH backend, which could lead to a man-in-the-middle attack...

CVSS 4.3 | AI score 5.5 | EPSS 0.00033
Exploits 1 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-9469

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01327
Exploits 0 | References 20

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-8636

Malware in sbrugna...

CVSS 9.8 | AI score 6.9 | EPSS 0.0029
Exploits 0 | References 13