956 matches found
CVE-2014-1582
CVE-2014-1582 affects Mozilla Firefox prior to 33.0, where the Public Key Pinning (PKP) implementation fails to account for SPDY/HTTP2 connection-coalescing on shared IPs, allowing a MITM to bypass pins and spoof a site with a valid certificate from any recognized CA. The issue is tied to Firefox...
CVE-2014-7274
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certifica...
Design/Logic Flaw
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certifica...
PYSEC-2014-26
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
Code injection
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
PYSEC-2014-71
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
CVE-2014-7144
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
CVE-2014-7144
OpenStack keystonemiddleware/python-keystoneclient (0.x <0.11.0; 1.x
Debian Security Advisory DSA 3034-1 (iceweasel - security update)
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS the Mozilla Network Security Service library, embedded in Wheezy OpenVAS Vulnerability Test $Id: deb3034.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 3034-1 using nvtgen 1.0 Script version: 1.0 Autho...
DSA-3034-1 iceweasel - security update
Bulletin has no description...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1099-1)
Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs. Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction...
CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...
Facebook Says 95 Percent of Notification Email Encrypted
All that’s missing from the organic encrypt the web movement seems to be a hashtag. Otherwise, no one can accuse major web providers of slacking as leading players such as Microsoft and Yahoo, prompted by the Snowden leaks, have made noteworthy leaps in the last 15 months to encrypt everything fr...
ablespace 1.0 (xss/bsql) Multiple Vulnerabilities
No description provided by source. Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits:...
KDE Libraries: Multiple vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications. Description Multiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below...
GLSA-201406-21 : cURL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-21 cURL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a man-in-the-middle attack via ...
SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 9341)
openssl-certs has been updated to include four new and remove two certificates : - new: AtosTrustedRoot2011:2.8.92.51.203.98.44.95.179.50.crt - new: E-TugraCertificationAuthority:2.8.106.104.62.156.81.15 5.203.83.crt - new: TeliaSoneraRootCAv1:2.17.0.149.190.22.160.247.46.70.2...
openSUSE Security Update : python-httplib2 (openSUSE-SU-2013:0977-1)
This update of python-httplib2 fixed broken SSL certificate verification. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-415. The text description of this plugin is (C) SUSE LLC...