Lucene search
+L

14 matches found

NVD
NVD
added 2025/08/13 3:15 p.m.8 views

CVE-2025-54809

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.8CVSS0.00251EPSS
Exploits0References1
RubySec
RubySec
added 2025/08/07 12:0 a.m.12 views

JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

9.1CVSS6.4AI score0.00244EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/01/25 8:32 a.m.3 views

http-tiny: perl: insecure TLS cert default

A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References4
NVD
NVD
added 2023/08/09 7:15 a.m.24 views

CVE-2023-37858

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

4.9CVSS5AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2022/09/23 12:0 a.m.5 views

UBUNTU-CVE-2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...

6.5CVSS6.8AI score0.0169EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2021/06/30 6:53 p.m.39 views

Police seize DoubleVPN data, servers, and domain

A coordinated effort between global law enforcement agencies—led by the Dutch National Police—shut down a VPN service that was advertised on cybercrime forums. The VPN company promised users the ability to double- and triple-encrypt their web traffic to obscure their location and identity. The...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/29 8:15 p.m.14 views

The one reason your iPhone needs a VPN

For years, Apple has marketed its iPhone as the more secure, more private option when compared to other smart phones, which do not, by default, include an end-to-end encrypted messaging app, warn users repeatedly about app location requests, or provide a privacy-forward Single Sign-On feature. Bu...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/01/21 3:22 a.m.3 views

undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS5.8AI score0.02137EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2019/06/13 2:26 p.m.141 views

Google's Push to Close a Major Encrypted Web Loophole

By building security into top-level domains, Google makes it harder for HTTPS to fall short...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/24 3:0 p.m.79 views

Mac malware intercepts encrypted web traffic for ad injection

Last week, Malwarebytes researcher Adam Thomas found an interesting new piece of Mac malware that exhibits some troubling behaviors, including intercepting encrypted web traffic to inject ads. Let's take a closer look at this adware, which Malwarebytes for Mac detects as OSX.SearchAwesome, to see...

0.1AI score
Exploits0
OSV
OSV
added 2018/06/26 4:29 p.m.10 views

UBUNTU-CVE-2018-1000500

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file"...

8.1CVSS6AI score0.02462EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/03/22 5:11 p.m.6 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

7.5CVSS5.8AI score0.07486EPSS
Exploits0References6
CISA
CISA
added 2015/11/24 12:0 a.m.12 views

Dell Computers Contain CA Root Certificate Vulnerability

Dell personal computers using the preinstalled certificate authority CA root certificate eDellRoot contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic HTTPS, impersonate spoof any website, or perform other attacks...

6.5AI score
Exploits0References2
The Hacker News
The Hacker News
added 2013/08/03 3:58 p.m.8 views

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...

6.9AI score
Exploits0
Rows per page
Query Builder