New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally...

Debian: Security Advisory (DLA-0005-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Protect

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPs GET requests...

Buffer overflow

A buffer underwrite 'buffer underflow' vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy & FortiSwitchManager administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically...

FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the be233fc6-bae7-11ed-a4fb-080027f5fec9 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that...

[SECURITY] Fedora 36 Update: curl-7.82.0-13.fc36

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVE-2022-32906

This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...

CVE-2021-46841

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity...

Design/Logic Flaw

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity...

USN-5894-1: curl vulnerabilities

Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. This issue was only fixed in Ubunt...

USN-5891-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...

CVE-2022-32906

Apple Music on Android was affected by CVE-2022-32906, where a user in a privileged network position could intercept SSL/TLS connections, exposing data. The issue was addressed in Apple Music 3.9.10 for Android by enforcing HTTPS for network communication. Affected versions prior to 3.9.10 potent...

CVE-2021-46841

CVE-2021-46841 affects Apple Music on Android prior to version 3.5.0. The issue allowed an attacker in a privileged network position to track a user’s activity due to inadequate protection when transmitting data over the network. Apple’s security note confirms the remediation: Apple Music 3.5.0 f...

CVE-2021-46841

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity...

CVE-2022-32906

This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...

CVE-2021-46841

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity...

CVE-2022-32906

This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...

Undertow client not checking server identity presented by server certificate in https connections

The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2...

GHSA-PFCC-3G6R-8RG8 Undertow client not checking server identity presented by server certificate in https connections

The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2...

CVE-2023-23914

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is...