87 matches found
CVE-2014-5444
Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate...
CVE-2014-5444
Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate...
Scientific Linux Security Update : wget on SL6.x i386/x86_64 (20140210)
It was discovered that wget used a file name provided by the server when saving a downloaded file. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. CVE-2010-2252 Note: With this update, wget always us...
CVE-2013-1415
The pkinitcheckkdcpkid function in plugins/preauth/pkinit/pkinitcryptoopenssl.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate,...
Mandriva Update for firefox MDVSA-2010:251 (firefox)
Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVSA-2010:251 firefox Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Linux Security Advisory : firefox (MDVSA-2010:251-2)
Security issues were identified and fixed in firefox : Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed b...
Location bar SSL spoofing using network error page — Mozilla
Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. An attacker could use this bug to spoof the location bar...