24 matches found
CLSA-2026-1773316266 Fix CVE(s): CVE-2025-14524, CVE-2025-15079, CVE-2025-15224
SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allow_auth_to_other_hosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override -...
Medium: curl
Issue Overview: No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.html NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 curl-880 NOTE: Fixed by:...
Security update for curl
This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). CVE-2025-14819: libssh global knownhost override (bsc#1255732). CVE-2025-15079: libssh key passphrase bypa...
openSUSE 16 Security Update : curl (openSUSE-SU-2026:20031-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20031-1 advisory. This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer...
SUSE-SU-2026:20110-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override...
Updated curl packages fix security vulnerabilities
curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass...
MGASA-2026-0003 Updated curl packages fix security vulnerabilities
curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass...
SUSE-SU-2026:20042-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial...
SUSE-SU-2026:20062-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the CURLSSH_AUTH_AGENT flag for public key authentication. An attacker can gain unauthorized access by leveraging a locally running SSH agent to bypass the intended key passphrase requirement. Note: This issue...
CVE-2025-15224 libssh key passphrase bypass without agent set
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...
CVE-2025-15224 libssh key passphrase bypass without agent set
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...
CVE-2025-15224
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...
Security update for curl
This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). CVE-2025-14819: libssh global knownhost override (bsc#1255732). CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). CVE-2025-15224: OpenSSL partial chain...
SUSE-SU-2026:0051-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial...
Security update for curl
This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). CVE-2025-14819: libssh global knownhost override (bsc#1255732). CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). CVE-2025-15224: OpenSSL partial chain...
CURL-CVE-2025-15224 libssh key passphrase bypass without agent set
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...
libssh key passphrase bypass without agent set
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...
curl: CVE-2025-15224: libssh key passphrase bypass without agent set
A vulnerability was discovered in the libcurl libssh backend where the CURLOPT_SSH_AUTH_TYPES option did not properly implement the CURLSSH_AUTH_AGENT flag. As a result, if the CURLSSH_AUTH_PUBLICKEY option was set, the implementation would act as if CURLSSH_AUTH_AGENT was always defined, allowing...
PT-2026-1660
Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: A key passphrase bypass is present in libssh when an agent is not set. This issue was discovered through analysis using curl. The potential impact is currently unknown. The vulnerability affects...