5 matches found

Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

Siemens SCALANCE and RUGGEDCOM Devices Incorrect Comparison (CVE-2024-9681)

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

CVSS 6.5, AI score 6.6, EPSS 0.00745
Exploits: 1, References: 5

SUSE Linux
added 2025/02/03 9:7 a.m., 1 views

Security update for curl

This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc1232528). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...

CVSS 6.9, AI score 7.3, EPSS 0.00745
Exploits: 1, References: 4

Amazon
added 2025/01/09 12:0 a.m., 2 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

CVSS 6.5, AI score 6.9, EPSS 0.00745
Exploits: 1

OSV
added 2024/11/06 8:15 a.m., 1 views

AZL-52335 CVE-2024-9681 affecting package curl for versions less than 8.8.0-5

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

CVSS 6.5, AI score 6.7, EPSS 0.00745
Exploits: 1, References: 1

Redos
added 2022/05/24 12:0 a.m., 2 views

ROS-20220524-21

The cURL command-line utility vulnerability is related to a bug in the HSTS implementation that could allow curl to continue using the HTTP protocol instead of HTTPS if the hostname in the specified URL used an endpoint but did not use it when building the HSTS cache. Exploitation of the...

CVSS 7.5, AI score 7.1, EPSS 0.00469
Exploits: 5