7687 matches found
Phoenix Contact FL MGUARD DM Security Vulnerability
PHOENIX CONTACT FL MGUARD DM is centralized device management software for MGUARD devices from PHOENIX CONTACT, Germany, for any number of devices in the field. A security vulnerability exists in the PHOENIX CONTACT FL MGUARD and TC MGUARD driver version 8.9.0 and prior versions, which originates...
[SECURITY] Fedora 35 Update: curl-7.79.1-7.fc35
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Cisco Firepower Management Center Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface...
Cisco Firepower Threat Defense Software Privilege Escalation Vulnerability
A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...
Debian dla-3180 : python-scciclient-doc - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3180 advisory. Debian LTS Advisory DLA-3180-1 https://www.debian.org/lts/security/...
CVE-2022-33684
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or...
CVE-2021-27784
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages...
Design/Logic Flaw
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages...
CVE-2021-27784 HCL Launch container images may contain non-unique https certificates and database encryption key
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages...
CVE-2021-27784
CVE-2021-27784 affects HCL Launch Container images, where non-unique HTTPS certificates and a database encryption key are included. The documented vulnerability is limited to the container images and does not affect standard installer packages. The available remediation is a fix that provides dir...
Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handlin...
CVE-2022-42916
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure cleartext HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host nam...
CVE-2022-42916
CVE-2022-42916 affects curl’s HSTS check: when hostnames contain IDN characters that map to ASCII (e.g., IDEOGRAPHIC FULL STOP U+3002), curl can bypass HSTS and end up using HTTP instead of HTTPS. This could lead to cleartext transmission if an HTTP URL is provided. The issue is tied to curl vers...
SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2022:3785-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3785-1 advisory. - CVE-2022-32221: Fixed POST following PUT confusion bsc1204383. - CVE-2022-42916: Fixed HSTS...
SUSE SLED15: buildah / libgpg-error-devel / libgpg-error-devel-32bit / etc (SUSE-SU-2022:3766-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3766-1 advisory. - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary...
USN-5702-2: curl vulnerability
USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications...
USN-5702-1: curl vulnerabilities
Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. (CVE-2022-32221) Hiroki Kurosawa discovered that curl incorrectly handled parsin...