[SECURITY] Fedora 36 Update: curl-7.82.0-4.fc36
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Cloudflare Successfully Thwarted One of The Largest DDoS Attacks
By Waqas. Cloudflare explained that it wasn't the largest application-layer attack but the largest ever noted in the HTTPS category. This is a post from HackRead.com.
15.3 Million Request-Per-Second DDoS Attack
Cloudflare is reporting a large DDoS attack against an unnamed company "operating a crypto launchpad." While this isn't the largest application-layer attack we've seen, it is the largest we've seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because...
Security Bulletin: IBM Robotic Process Automation may be vulnerable to an exposure of sensitive information by an unauthorized actor through follow-redirects (CVE-2022-0536)
Summary Security Bulletin: IBM Robotic Process Automation may be vulnerable to an exposure of sensitive information by an unauthorized actor through follow-redirects CVE-2022-0536 Vulnerability Details CVEID: CVE-2022-0536 DESCRIPTION: Node.js follow-redirects module could allow a remote...
curl: CVE-2022-30115: HSTS bypass via trailing dot
curl allows users to load a HSTS cache which will cause curl to use HTTPS instead of HTTP given a HTTP URL for a given site specified in the HSTS cache. If the trailing dot is used, the HSTS check will be bypassed. If a user has a preloaded hsts.txt: Your HSTS cache. https://curl.se/docs/hsts.htm...
CVE-2022-20745
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to...
CVE-2022-20759
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is d...
Input validation
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to...
CVE-2022-20759 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is d...
CVE-2022-20745 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to...
One of the Most Powerful DDoS Attacks Ever Hits a Crypto Platform
The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful...
USN-5397-1: curl vulnerabilities
Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. CVE-2022-22576 Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensiti...
Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second
Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record." "HTTPS DDoS attacks are more expensive in...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5397-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5397-1 advisory. Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access...
CVE-2022-22275
CVE-2022-22275 pertains to SonicOS (SonicWall firewall) and describes an improper restriction of the TCP communication channel for HTTP/S inbound traffic from WAN to DMZ, potentially enabling a DoS attack until the TCP handshake completes. Connected sources (SonicWall PSIRT SNWLID-2022-0004) conf...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to...
Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect
Summary: curl/libcurl can be coaxed to leak Authorization / Cookie headers by redirecting request to http:// URL on the same host. Successful exploitation requires that the attacker can either Man-in-the-Middle the connection or can access the traffic at the recipient side for example by...
Cannot start app **** - Issue when Storefront STA's configure as https.
Issue accessing the url of storefront store through Citrix ADC. Users are able to access storefront, but when users try to open any application it gives an error: Cannot start app However, when accessing the storefront url internally using store URL, all the applications open without problems,...
curl: CVE-2022-27776: Auth/cookie leak on redirect
Summary: Curl can be coaxed to leak Authorisation / Cookie headers by redirecting request to http:// URL on the same host. Successful exploitation requires that the attacker can either Man-in-the-Middle the connection or can access the traffic at the recipient side for example by redirecting to a...