12 matches found
ALSA-2026:1350 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 For more details about the security issues, including...
CLSA-2026-1769092364 curl: Fix of CVE-2025-9086
CVE-2025-9086: cookie: don't treat the leading slash as trailing...
CLSA-2026-1767808644 curl: Fix of CVE-2025-9086
CVE-2025-9086: cookie: don't treat the leading slash as trailing...
[SECURITY] [DLA 4432-1] curl security update
Debian LTS Advisory DLA-4432-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara January 04, 2026 https://wiki.debian.org/LTS Package : curl Version : 7.74.0-1.3+deb11u16 CVE ID : CVE-2025-9086 Debian Bug : A vulnerability was found in Curl, an easy-to-u...
curl security update
An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for downloadi...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-2478)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AIX is vulnerable to a denial of service (CVE-2025-9086) due to cURL libcurl
IBM SECURITY ADVISORY First Issued: Wed Dec 10 16:31:39 CST 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory8.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2025-9086 due to cURL libcurl...
RHEL 9 : curl (RHSA-2025:23043)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23043 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP,...
SUSE SLED15: brotli / curl / libbrotli-devel / libbrotlicommon1 / etc (SUSE-SU-2025:03268-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03268-1 advisory. Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies c...
CVE-2025-9086
1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path='/'. Since this site is not...
Mageia: Security Advisory (MGASA-2025-0232)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-9086
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...