956 matches found
CVE-2016-1000033
Shotwell version 0.22.0 and possibly other versions is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks...
CVE-2016-1000033
CVE-2016-1000033 affects Shotwell 0.22.0 (and possibly other versions) and is described as a TLS/SSL certificate validation flaw that can enable man-in-the-middle attacks. The connected sources corroborate the vulnerability in Shotwell and its impact, but do not provide a vendor patch/version to ...
Design/Logic Flaw
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org...
CVE-2016-5284
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org...
Yokogawa STARDOM Certification Bypass Vulnerability
The Yokogawa STARDOM FCN/FCJ controller is a controller for use in network-based control systems. The Yokogawa STARDOM FCN/FCJ controller fails to require authentication for Logic Designer connections, which could be used by a remote attacker to submit a special request to control the device...
Hardcoded credentials
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging th...
Crestron Electronics DM-TXRX-100-STR Man-in-the-Middle Attack Vulnerability
The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. The Crestron Electronics DM-TXRX-100-STR 1.3039.00040 uses a hard-coded X.509 certificate from the OpenSSL Test Certification Authority. This allows a man-in-the-middle attacker to spoof a server and obtain sensitive...
Juniper Networks Junos OS Certification Validation Vulnerability
Junos OS is prone to a certification verification vulnerability. CPE = "cpe:/o:juniper:junos"; ...
CVE-2016-1694
browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority...
Design/Logic Flaw
browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority...
CVE-2016-1694
CVE-2016-1694 affects Google Chrome before 51.0.2704.63, where browser/browsing_data/browsing_data_remover.cc deletes HPKP pins during cache cleanup. This undermines certificate pinning, enabling remote attackers to spoof websites by presenting a valid certificate from any trusted CA. The public ...
CVE-2016-1694
Removed by vendor...
Vulnerability in OpenSSL - Memory corruption in the ASN.1 encoder
This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. In previous versions of OpenSSL, ASN.1 encoding the...
Error: "javax.naming.CommunicationException: simple bind failed" while Binding LDAPS on XenMobile
The following error is displayed when binding LDAPS on XenMobile: LDAP communication error: javax.naming.CommunicationException: simple bind failed: domain-controller-binding-to:636 Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin...