Lucene search

117 matches found

SUSE CVE
added 2023/02/15 5:21 a.m. | 1 views

SUSE CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

CVSS 4.3 | AI score 9.3 | EPSS 0.00689
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:12 a.m. | 1 views

SUSE CVE-2015-8400

The HTTPS fallback implementation in Shell In A Box aka shellinabox before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL...

CVSS 7.4 | AI score 6.9 | EPSS 0.00556
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:3 a.m. | 2 views

SUSE CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

CVSS 7.5 | AI score 8.2 | EPSS 0.00535
Exploits: 0 | References: 7
OSV
added 2022/10/18 9:15 p.m. | 0 views

UBUNTU-CVE-2022-21626

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

CVSS 5.3 | AI score 6.6 | EPSS 0.00146
Exploits: 0 | References: 4
ATTACKERKB
added 2022/09/01 6:15 p.m. | 3 views

CVE-2022-2996

A flaw was found in python-scciclient when making an HTTPS connection to a server, where the server's certificate would not be verified. This issue opens up the connection to possible man-in-the-middle (MITM) attacks...

CVSS 7.4 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 3
OSV
added 2022/08/30 8:28 p.m. | 0 views

GHSA-V78C-4P63-2J6C Cleartext Transmission of Sensitive Information in moment-timezone

Impact: if Alice uses grunt data or grunt release to prepare a custom-build, moment-timezone with the latest tzdata from IANA's website, and Mallory intercepts the request to IANA's unencrypted ftp server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata...

AI score 5.8
Exploits: 0 | References: 3
Snyk
added 2022/05/24 5:43 p.m. | 0 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when creating HTTPS web requests while building X509 certificate chains. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

CVSS 6.5 | AI score 7 | EPSS 0.09338
Exploits: 0 | References: 2
OSV
added 2021/08/16 7:15 p.m. | 1 views

ALPINE-CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

CVSS 5.3 | AI score 7 | EPSS 0.00124
Exploits: 1 | References: 1
NCSC
added 2021/08/10 12:0 a.m. | 2 views

Vulnerability fixed in Lynx

A vulnerability has been fixed in Lynx. A remote malicious party can exploit the vulnerability to obtain login credentials sent over HTTPS via Lynx to a server. To do this, the malicious party must have access to network traffic between the victim and the server. It is not...

CVSS 5.3 | AI score 6.8 | EPSS 0.04281
Exploits: 0
OSV
added 2021/01/20 8:15 p.m. | 1 views

CVE-2021-1277

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...

CVSS 6.5 | AI score 6.6 | EPSS 0.00116
Exploits: 0 | References: 1
Veracode
added 2020/10/15 4:44 a.m. | 8 views

Man-in-the-Middle (MitM)

jasperreports-plugin is vulnerable to man-in-the-middle attacks. The dependencies are not resolved via a secure HTTP channel, allowing a man-in-the-middle attacker to intercept and modify data within the dependencies...

AI score 2.4
Exploits: 0
OSV
added 2020/07/31 6:15 p.m. | 1 views

DEBIAN-CVE-2020-15134

In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

CVSS 8.7 | AI score 7.9 | EPSS 0.00122
Exploits: 1 | References: 1
OSV
added 2020/07/15 6:15 p.m. | 0 views

CVE-2020-14617

Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low privileged attacker with...

CVSS 5.7 | AI score 6.8
Exploits: 0 | References: 1
OSV
added 2020/04/15 2:15 p.m. | 0 views

CVE-2020-2514

Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to compromise Oracle Applicati...

CVSS 4.6 | AI score 6.1
Exploits: 0 | References: 1
OSV
added 2019/11/05 8:15 p.m. | 0 views

CVE-2019-1982

A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due t...

CVSS 5.3 | AI score 6.1
Exploits: 0 | References: 1
OSV
added 2019/11/05 10:15 a.m. | 0 views

UBUNTU-CVE-2019-3685

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...

CVSS 7.7 | AI score 7.1 | EPSS 0.0018
Exploits: 1 | References: 2
OSV
added 2019/07/23 11:15 p.m. | 1 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

CVSS 5.9 | AI score 6.5 | EPSS 0.00942
Exploits: 0 | References: 1
IBM Security Bulletins
added 2019/06/04 3:30 p.m. | 12 views

Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP

Summary: The IBM Security Information Queue (ISIQ) web server defaults to HTTPS, but does not enforce it. This could result in users navigating to an unencrypted version of ISIQ's web application. As of ISIQ v1.0.3, HTTPS is now enforced. Vulnerability Details: CVEID: CVE-2019-4162 DESCRIPTION: IBM...

CVSS 7.5 | AI score 0.4 | EPSS 0.0006
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 11:48 p.m. | 19 views

Security Bulletin: IBM OpenPages GRC Platform has addressed secure HTTP header improvements (CVE-2017-1290)

Summary: IBM OpenPages GRC Platform has addressed potential security exposure due to some missing secure HTTP headers. Vulnerability Details: CVEID: CVE-2017-1290 DESCRIPTION: IBM OpenPages GRC Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

CVSS 5.4 | AI score 1.5 | EPSS 0.00269
Exploits: 0 | Affected Software: 1
OSV
added 2018/06/11 9:29 p.m. | 1 views

CVE-2017-5384

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

CVSS 5.9 | AI score 6.8
Exploits: 0 | References: 5