CVE-2023-46219: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS…

CVE-2023-46219 [MEDIUM] CVE-2023-46219: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

CVE-2023-46219 [MEDIUM] CVE-2023-46219: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

CVE-2023-46219 [MEDIUM] CWE-311 GHSA-fj44-3xpp-9cx2: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

CVE-2023-46218 [MEDIUM] curl vulnerabilities curl vulnerabilities Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. (CVE-2023-46218) Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-46219)

Siemens SIMATIC S7-1500 CPU Family ICS Advisory ## Siemens SIMATIC S7-1500 CPU Family Release DateJune 12, 2025 Alert CodeICSA-25-162-05 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF ## 1. EXECUTIVE SUMMARY - CVSS v4 8.7 - ATTENTION: Exploitable remotely/low attack complexity - Vendor: Siemens - Equipment: SIMATIC S7-1500 CPU family - Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-

Siemens SINEC NMS ICS Advisory ## Siemens SINEC NMS Release DateNovember 14, 2024 Alert CodeICSA-24-319-04 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF ## 1. EXECUTIVE SUMMARY - CVSS v4 8.3 - ATTENTION: Exploitable remotely/low attack complexity - Vendor: Siemens - Equipment: SINEC NMS - Vulnerabilities: Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Out-of-bounds Write, Uncontro

Siemens SIMATIC RTLS Locating Manager ICS Advisory ## Siemens SIMATIC RTLS Locating Manager Release DateMay 16, 2024 Alert CodeICSA-24-137-07 As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF ## 1. EXECUTIVE SUMMARY - CVSS v4 10.0 - ATTENTION: Exploitable remotely/low attack complexity - Vendor: Siemens - Equipment: SIMATIC RTLS Locating Manager - Vulnerabilities: Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Uncontrolled Resource Consumption, Excessive Iteration, Allocation of Resources Wi

CVE-2023-46219 [MEDIUM] CWE-311 When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use. When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to r

CVE-2023-46219 [MEDIUM] CWE-311 curl: excessively long file name may lead to unknown HSTS status curl: excessively long file name may lead to unknown HSTS status When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack. Package: curl (Red Hat Enterprise Linux 6) - Not affected Package: curl (Red Hat Enterprise Linux 7) - Not a

CVE-2023-46219 [MEDIUM] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. (CVE-2023-46218) Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-46219) Instructions: In general, a standard system update will make all the necessary changes.

CVE-2023-46219 [MEDIUM] CVE-2023-46219: curl - When saving HSTS data to an excessively long file name, curl could end up removi... When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Scope: local bookworm: resolved (fixed in 7.88.1-10+deb12u5) bullseye: open forky: resolved (fixed in 8.5.0-1) sid: resolved (fixed in 8.5.0-1) trixie: resolved (fixed in 8.5.0-1)

[MEDIUM] curl HSTS long file name clears contents curl HSTS long file name clears contents ## VULNERABILITY When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. ## INFO The reason for this bug is that save function appended a suffix to the file name, created a temporary file and then in the last step renamed that to the final name. When the file name length was close to the limit of what is allowed on the file system, adding the extension would make it too long and then trigger this bug. ## Hackerone ticket #2236133 ## Impact HSTS bypass HSTS long file name clears contents VULNERABILITY When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subs

CVE-2023-46219 [MEDIUM] CVE-2023-46219: HSTS long file name clears contents CVE-2023-46219: HSTS long file name clears contents ## Summary: I've discovered a significant security flaw in cURL's file handling, particularly affecting the HSTS (HTTP Strict Transport Security) database when handling long filenames. ### Vulnerability Description cURL erroneously creates temporary files with names potentially exceeding the filesystem's maximum filename length (typically 255 bytes for ext4, etc.). If a filename used in the HSTS database is longer than 243 bytes (255 bytes minus 9 for the random suffix and 4 for the '.tmp' extension), an unexpected security error occurs, leading to the HSTS database being overwritten. ### Affected Code **File: curl/lib/fopen.c** ```c CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, FILE **fh, char **tempname) { CURLco

Co-RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents ## Introduction Red teaming plays a foundational role in modern cybersecurity by proactively identifying, exploiting, and mitigating vulnerabilities before they are abused in real-world attacks. Systematic red-teaming efforts help organizations assess their security posture, validate defenses, and reduce potential financial and operational losses caused by software vulnerabilities . Standardized frameworks like the Common Weakness Enumeration (CWE) and the OWASP Top 10 systematize recurring software flaws, highlighting the widespread prevalence and severity of vulnerabilities in deployed systems. In practice, however, effective red teaming remains a complex and labor-intensive process that requires deep domain expertise, iterative hypothesis testing, and careful reasoning across large cod