
14870 matches found

Tenable Nessus
added 2022/07/01 12:0 a.m., 71 views

RHEL 8 : curl (RHSA-2022:5313)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5313 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

CVSS 8.1, AI score 7, EPSS 0.03425
Exploits 4, References 11
RedHat Linux
added 2022/06/30 9:0 p.m., 61 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.1, AI score 6.7, EPSS 0.03425
Exploits 4, References 5
Talos
added 2022/06/30 12:0 a.m., 60 views

Robustel R1510 clish art2 command execution vulnerability

Summary: A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions: Robustel R1510 3.3.0...

CVSS 9.8, AI score 9.6, EPSS 0.02776
Exploits 1
Oracle linux
added 2022/06/30 12:0 a.m., 36 views

curl security update

7.76.1-14.el90.4 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.76.1-14.el90.3 - fix leak of SRP credentials in redirects CVE-2022-27774 7.76.1-14.el90.2 - add missing tests to Makefile 7.76.1-14.el90.1 - fix credential leak on redirect CVE-2022-27774 - fix auth/cookie leak on...

CVSS 8.1, AI score 2, EPSS 0.03425
Exploits 4
Oracle linux
added 2022/06/30 12:0 a.m., 196 views

curl security update

7.61.1-22.el86.3 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.61.1-22.el86.2 - fix invalid type in printf argument detected by Coverity 7.61.1-22.el86.1 - fix credential leak on redirect CVE-2022-27774 - fix auth/cookie leak on redirect CVE-2022-27776 - fix OAUTH2 bearer bypa...

CVSS 8.1, AI score 1.8, EPSS 0.03425
Exploits 4
OSV
added 2022/06/30 12:0 a.m., 32 views

ALSA-2022:5313 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576); curl: credential leak on redirect (CVE-2022-27774); curl:...

CVSS 8.1, AI score 7.4, EPSS 0.03425
Exploits 4, References 10
AlmaLinux
added 2022/06/30 12:0 a.m., 58 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576); curl: credential leak on redirect (CVE-2022-27774); curl:...

CVSS 8.1, AI score 7.5, EPSS 0.03425
Exploits 4, References 10
ICS
added 2022/06/30 12:0 a.m., 66 views

Emerson DeltaV Distributed Control System

1. EXECUTIVE SUMMARY. CVSS v3 8.8. ATTENTION: Exploitable on adjacent network/high attack complexity. Vendor: Emerson. Equipment: DeltaV Distributed Control System. Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data...

CVSS 7.8, AI score 6.8, EPSS 0.00226
Exploits 0, References 5
OSV
added 2022/06/28 3:28 p.m., 4 views

CLSA-2022-1656430138 Fixed CVEs in curl: CVE-2022-27780, CVE-2022-27781, CVE-2022-27782

CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2022-27781: add limit of certificates which can be traversed breaking possible infinite loop - CVE-2022-27780: exclude malicious characters from url to prevent incorrect address...

CVSS 7.5, AI score 6.7, EPSS 0.02596
Exploits 3, References 1
Rockylinux
added 2022/06/28 10:54 a.m., 18 views

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The cloud-init packages provide a set of init scripts for cloud instances...

AI score 1.4
Exploits 0
Rockylinux
added 2022/06/28 10:52 a.m., 51 views

curl security update

An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The curl packages provide the libcurl library and the curl utility for downloadi...

CVSS 8.1, AI score 7.4, EPSS 0.03425
Exploits 4
OSV
added 2022/06/28 10:52 a.m., 39 views

RLSA-2022:5313 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576); curl: credential leak on redirect (CVE-2022-27774); curl:...

CVSS 8.1, AI score 7.5, EPSS 0.03425
Exploits 4, References 5
NVD
added 2022/06/27 7:15 p.m., 24 views

CVE-2022-28622

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...

CVSS 7.5, EPSS 0.00739
Exploits 0, References 1
Prion
added 2022/06/27 7:15 p.m., 24 views

Code injection

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...

CVSS 5, AI score 7.5, EPSS 0.00739
Exploits 0, References 1, Affected Software 1
CVE
added 2022/06/27 6:51 p.m., 67 views

CVE-2022-28622

CVE-2022-28622 affects HPE StoreOnce Software. The SSH server supports weak key exchange algorithms, enabling potential remote unauthorized access. A fix is available in HPE StoreOnce Software 4.3.2. Affected product: HPE StoreOnce Software. Remediation: upgrade to version 4.3.2 (or apply the ven...

CVSS 7.5, AI score 7.4, EPSS 0.00739
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/06/27 6:51 p.m., 21 views

CVE-2022-28622

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...

AI score 7.7, EPSS 0.00739
Exploits 0, References 1
CNVD
added 2022/06/27 12:0 a.m., 24 views

Secheron SEPCOS Control and Protection Relay Weak Password Vulnerability

Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities. The Secheron SEPCOS Control and Protection Relay has a weak password...

CVSS 10, AI score 1.3, EPSS 0.02025
Exploits 0, References 1
NVD
added 2022/06/24 3:15 p.m., 19 views

CVE-2022-1668

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH...

CVSS 10, EPSS 0.02025
Exploits 0, References 1
Prion
added 2022/06/24 3:15 p.m., 19 views

Design/Logic Flaw

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH...

CVSS 10, AI score 9.5, EPSS 0.02025
Exploits 0, References 1, Affected Software 1
CVE
added 2022/06/24 3:0 p.m., 99 views

CVE-2022-1668

CVE-2022-1668 affects Secheron SEPCOS Control and Protection Relay. Weak default root credentials allow remote attackers to obtain OS superuser privileges over an open SSH port. Public advisories (ICS-CISA) describe multiple related vulnerabilities and confirm a high-severity risk with remote exp...

CVSS 10, AI score 9.6, EPSS 0.02025
Exploits 0, References 1, Affected Software 1