Lucene search
K

24 matches found

OSV
OSV
added 2026/03/12 11:51 a.m.5 views

CLSA-2026-1773316266 Fix CVE(s): CVE-2025-14524, CVE-2025-15079, CVE-2025-15224

SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allowauthtootherhosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override -...

5.3CVSS6.4AI score0.00611EPSS
Exploits3References1
Amazon
Amazon
added 2026/02/18 12:0 a.m.6 views

Medium: curl

Issue Overview: No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.html NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 curl-880 NOTE: Fixed by:...

6.3CVSS5.5AI score0.00679EPSS
Exploits3
SUSE Linux
SUSE Linux
added 2026/02/13 2:50 p.m.3 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypa...

7CVSS5.7AI score0.00679EPSS
Exploits3References20
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

openSUSE 16 Security Update : curl (openSUSE-SU-2026:20031-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20031-1 advisory. This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer...

6.3CVSS6.7AI score0.00679EPSS
Exploits3References15
OSV
OSV
added 2026/01/14 10:58 a.m.4 views

SUSE-SU-2026:20110-1 Security update for curl

This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

6.3CVSS6.1AI score0.00679EPSS
Exploits3References11
Mageia
Mageia
added 2026/01/10 5:7 a.m.6 views

Updated curl packages fix security vulnerabilities

curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass...

6.3CVSS6.8AI score0.00679EPSS
Exploits3References2
OSV
OSV
added 2026/01/10 5:7 a.m.3 views

MGASA-2026-0003 Updated curl packages fix security vulnerabilities

curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass...

6.3CVSS6.7AI score0.00679EPSS
Exploits3References3
OSV
OSV
added 2026/01/08 3:18 p.m.8 views

SUSE-SU-2026:20042-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

5.3CVSS6.1AI score0.00679EPSS
Exploits3References9
OSV
OSV
added 2026/01/08 2:51 p.m.3 views

SUSE-SU-2026:20062-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

5.3CVSS5.8AI score0.00679EPSS
Exploits3References9
Snyk
Snyk
added 2026/01/08 10:45 a.m.3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via CURLSSHAUTHAGENT flag for public key authentication. An attacker can gain unauthorized access by leveraging a locally running SSH agent to bypass the intended key passphrase requirement. Note: This issue...

4.7CVSS5.8AI score0.00413EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/08 10:8 a.m.30 views

CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

0.00413EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/08 10:8 a.m.3 views

CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

6.5AI score0.00413EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/01/08 10:8 a.m.6 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS5.9AI score0.00413EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2026/01/07 9:28 a.m.3 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. CVE-2025-15224: OpenSSL partial chain...

6CVSS6.9AI score0.00679EPSS
Exploits3References16
OSV
OSV
added 2026/01/07 9:28 a.m.4 views

SUSE-SU-2026:0051-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

5.3CVSS6.1AI score0.00679EPSS
Exploits3References9
SUSE Linux
SUSE Linux
added 2026/01/07 9:28 a.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. CVE-2025-15224: OpenSSL partial chain...

6CVSS6.9AI score0.00679EPSS
Exploits3References16
OSV
OSV
added 2026/01/07 8:0 a.m.7 views

CURL-CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS6.8AI score0.00413EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/01/07 8:0 a.m.6 views

libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS5.8AI score0.00413EPSS
Exploits1References1Affected Software2
Hacker One
Hacker One
added 2025/12/28 9:22 p.m.12 views

curl: CVE-2025-15224: libssh key passphrase bypass without agent set

A vulnerability was discovered in the libcurl libssh backend where the CURLOPTSSHAUTHTYPES option did not properly implement the CURLSSHAUTHAGENT flag. As a result, if the CURLSSHAUTHPUBLICKEY option was set, the implementation would act as if CURLSSHAUTHAGENT was always defined, allowing...

3.1CVSS7.1AI score0.00413EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2026-1660

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A key passphrase bypass is present in libssh when an agent is not set. This issue was discovered through analysis using curl. The potential impact is currently unknown. The vulnerability affects...

7.5CVSS6.6AI score0.01301EPSS
Exploits4References84
Rows per page
Query Builder