Lucene search
+L

6 matches found

OSV
OSV
added 2026/03/12 11:51 a.m.8 views

CLSA-2026-1773316266 Fix CVE(s): CVE-2025-14524, CVE-2025-15079, CVE-2025-15224

SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allowauthtootherhosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override -...

5.3CVSS6.4AI score0.00611EPSS
Exploits3References1
SUSE Linux
SUSE Linux
added 2026/02/13 2:50 p.m.4 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypa...

7CVSS5.7AI score0.00679EPSS
Exploits3References20
Mageia
Mageia
added 2026/01/10 5:7 a.m.10 views

Updated curl packages fix security vulnerabilities

curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass...

6.3CVSS6.8AI score0.00679EPSS
Exploits3References2
Snyk
Snyk
added 2026/01/08 10:45 a.m.6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via CURLSSHAUTHAGENT flag for public key authentication. An attacker can gain unauthorized access by leveraging a locally running SSH agent to bypass the intended key passphrase requirement. Note: This issue...

4.7CVSS5.8AI score0.00413EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/01/08 10:8 a.m.10 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS5.9AI score0.00413EPSS
Exploits1
Hacker One
Hacker One
added 2025/12/28 9:22 p.m.15 views

curl: CVE-2025-15224: libssh key passphrase bypass without agent set

A vulnerability was discovered in the libcurl libssh backend where the CURLOPTSSHAUTHTYPES option did not properly implement the CURLSSHAUTHAGENT flag. As a result, if the CURLSSHAUTHPUBLICKEY option was set, the implementation would act as if CURLSSHAUTHAGENT was always defined, allowing...

3.1CVSS7.1AI score0.00413EPSS
Exploits1
Rows per page
Query Builder