5272 matches found
CVE-2015-1244
Removed by vendor...
CVE-2015-1244
The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
UBUNTU-CVE-2015-1244
The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
Updated OpenStack Compute nova packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
chromium-browser: HSTS bypass in WebSockets
The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers...
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attacke...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table PRDT data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system rhbz1204919...
SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)
The Apache2 webserver was updated to fix various issues. The following feature was added : - Provide support for the tunneling of web socket connections to a backend websockets server. FATE316880 The following security issues have been fixed : - The modheaders module in the Apache HTTP Server...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...
OpenStack Compute websocket request source incorrect checksum validation hijacking vulnerability
OpenStack is a cloud computing platform developed by Rackspace and NASA to help service providers and on-premises organizations implement cloud infrastructures similar to Amazon EC2 and S3. OpenStack Compute and kilo fails to properly calibrate the source of Websocket requests vulnerability allow...
CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
DEBIAN-CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
Authentication flaw
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
UBUNTU-CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...