Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...

Siemens RUGGEDCOM ROX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX --------- Begin Update A Part 1 of 2 --------- Vulnerabilities: Improper Privilege Management, Execution with Unnecessary Privileges, Improper Handling of Insufficient...