653 matches found
UBUNTU-CVE-2016-2113
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate...
UBUNTU-CVE-2016-2525
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet...
Vulnerability in the Internet Explorer and Microsoft Edge browsers allowing attackers to replace web pages
The vulnerabilities in Internet Explorer and Microsoft Edge exist due to deficiencies in the implementation of HTTP responses. Exploiting these vulnerabilities allows a malicious actor to replace websites using a specially crafted URL...
curl: Negotiate not treated as connection-oriented
It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could ...
Unspecified Vulnerability in Oracle Hyperion BI+
Oracle Hyperion BI+ is a business intelligence program. A security vulnerability exists in Oracle Hyperion BI+. Attackers can exploit it to compromise the 'Reporting and Analysis' subcomponent over the HTTP protocol...
Cisco Hosted Collaboration Solution Information Disclosure Vulnerability
Cisco Hosted Collaboration Solution (HCS) is a cloud service that provides communication and collaboration solutions. A security vulnerability exists in Cisco Hosted Collaboration Solution SOAP that could be exploited by an attacker to obtain sensitive information and perform unauthorized access...
Multiple Memory Corruption Vulnerabilities in Privoxy
Privoxy is a proxy server with filtering for HTTP and HTTPS protocols, often used in combination with Tor. Privoxy has several memory corruption vulnerabilities that can be exploited by attackers to obtain sensitive information or cause a denial of service...
UBUNTU-CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
OpenJDK HttpURLConnection request splitting (6952017)
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not...
wireshark HTTP dissector flaws
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages...
Wireshark crashes when inspecting HTTP traffic
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload...
DEBIAN-CVE-2007-0458
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468...