curl: Able to bypass HSTS using trailing dot

Summary: curl allows users to load a HSTS cache which will cause curl to use HTTPS instead of HTTP given a HTTP URL for a given site specified in the HSTS cache. Affected version curl version used for reproducing this issue is: 8.16.0 curl --version curl 8.16.0 Windows libcurl/8.16.0 Schannel...

EUVD-2022-6821

Malicious code in bioql PyPI...

CVE-2022-31167

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entr...

ROS-20241203-32

A vulnerability in the implementation of the HSTS HTTP Strict Transport Security mechanism of the curl command line utility exists due to a bug in the implementation of the HSTS cache. Exploitation of the vulnerability could allow an attacker, acting remotely to conduct a man-in-the-middle attack...

GHSA-GG53-WF5X-R3R6 XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference

Impact A bug in the security cache is storing rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the n...

Design/Logic Flaw

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entr...

CVE-2022-31167 XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entr...

CVE-2022-31167 XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entr...

PT-2022-20581 · Xwiki · Xwiki Platform Security Parent Pom

Name of the Vulnerable Software and Affected Versions: XWiki Platform Security Parent POM versions 5.0 through 12.10.10 XWiki Platform Security Parent POM versions 13.0.0 through 13.4.5 XWiki Platform Security Parent POM versions 13.5.0 through 13.10.0 Description: A bug in the security cache...

SUSE-SU-2021:0166-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: - bsc1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows...