84 matches found

Tenable Nessus
added 6 days ago, 8 views

Curl 7.46.0 < 8.21.0 Trailing Dot Domain Super Cookie

The version of curl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. CVE-2026-8924 Note that...

5.9 AI score
Exploits 0, References 2

OSV
added 2026/06/24 8:00 a.m., 5 views

CURL-CVE-2026-8924 trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

5.9 AI score
Exploits 0

AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in curl

This flaw allows a malicious HTTP server to set “super cookies” using curl, which are then transmitted back to multiple origins beyond what is allowed or possible. This enables a site to set cookies that are then sent to different and unrelated sites and domains. The attack exploits a flaw in...

6.5 CVSS, 6.6 AI score, 0.01685 EPSS
Exploits 1, References 2

OSV
added 2026/05/04 1:12 p.m., 6 views

JLSEC-2026-411 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back...

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5 CVSS, 7.2 AI score, 0.01685 EPSS
Exploits 1, References 12

Broadcom
added 2026/01/27 12:00 a.m., 16 views

This flaw allows a malicious HTTP server to set "super cookies" in curl

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5 CVSS, 7.2 AI score, 0.01685 EPSS
Exploits 1

Tenable Nessus
added 2025/06/16 12:00 a.m., 6 views

TencentOS Server 3: curl (TSSA-2024:0097)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0097 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

6.5 CVSS, 7.5 AI score, 0.06208 EPSS
Exploits 2, References 4

Tenable Nessus
added 2025/02/10 12:00 a.m., 10 views

Azure Linux 3.0 Security Update: cmake / curl / mysql (CVE-2023-46218)

The version of cmake / curl / mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46218 advisory. - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed bac...

6.5 CVSS, 6.3 AI score, 0.01685 EPSS
Exploits 1, References 2

Tenable Nessus
added 2024/08/30 12:00 a.m., 22 views

CBL Mariner 2.0 Security Update: cmake / curl / mysql (CVE-2023-46218)

The version of cmake / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46218 advisory. - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed bac...

6.5 CVSS, 6.3 AI score, 0.01685 EPSS
Exploits 1, References 2

Tenable Nessus
added 2024/05/17 12:00 a.m., 42 views

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2024-1677)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions a...

6.5 CVSS, 7.4 AI score, 0.06208 EPSS
Exploits 1, References 3

Amazon
added 2024/05/03 12:00 a.m., 6 views

Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...

6.5 CVSS, 6.9 AI score, 0.01685 EPSS
Exploits 1

Amazon
added 2024/04/30 12:00 a.m., 44 views

Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...

6.5 CVSS, 6.6 AI score, 0.01685 EPSS
Exploits 1

Tenable Nessus
added 2024/04/30 12:00 a.m., 37 views

Amazon Linux 2 : curl (ALAS-2024-2531)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2531 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise...

6.5 CVSS, 6.4 AI score, 0.01685 EPSS
Exploits 1, References 4

Tenable Nessus
added 2024/04/29 12:00 a.m., 30 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-606)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-606 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then...

6.5 CVSS, 6.3 AI score, 0.01685 EPSS
Exploits 1, References 4

OpenVAS
added 2024/04/22 12:00 a.m., 22 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1543)

The remote host is missing an update for the Huawei EulerOS...

6.5 CVSS, 6.8 AI score, 0.01685 EPSS
Exploits 2, References 2

Tenable Nessus
added 2024/04/19 12:00 a.m., 36 views

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1524)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

6.5 CVSS, 6.3 AI score, 0.01685 EPSS
Exploits 2, References 3

Tenable Nessus
added 2024/04/19 12:00 a.m., 47 views

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1543)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

6.5 CVSS, 6.3 AI score, 0.01685 EPSS
Exploits 2, References 3

Tenable Nessus
added 2024/04/05 12:00 a.m., 51 views

Rocky Linux 8 : curl (RLSA-2024:1601)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1601 advisory. - An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback...

6.5 CVSS, 7.5 AI score, 0.06208 EPSS
Exploits 2, References 8

Tenable Nessus
added 2024/04/03 12:00 a.m., 41 views

Oracle Linux 8 : curl (ELSA-2024-1601)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1601 advisory. - unify the upload/method handling CVE-2023-28322 - fix cookie injection with none file CVE-2023-38546 Tenable has extracted the preceding description...

6.5 CVSS, 7.7 AI score, 0.06208 EPSS
Exploits 2, References 4

Tenable Nessus
added 2024/04/02 12:00 a.m., 189 views

CentOS 8 : curl (CESA-2024:1601)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:1601 advisory. - An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback...

6.5 CVSS, 7.4 AI score, 0.06208 EPSS
Exploits 2, References 4

Tenable Nessus
added 2024/03/21 12:00 a.m., 42 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2024-1452)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

6.5 CVSS, 6.3 AI score, 0.01685 EPSS
Exploits 1, References 2