13 matches found
curl: Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c
Vulnerability description not provided...
SUSE CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
February 12, 2019—KB4487000 (Monthly Rollup)
February 12, 2019—KB4487000 Monthly Rollup. Improvements and fixes: This security update includes improvements and fixes that were a part of update KB4480969 (released January 15, 2019) and addresses the following issues: Addresses an issue that may prevent applications that use a Microsoft Jet databa...
October 11, 2016 — KB3192440 (OS Build 10240.17146)
October 11, 2016 — KB3192440 (OS Build 10240.17146). This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Windows graphics device interface (GDI). Addressed issue causing printer...
October 27, 2016 — KB3197954 (OS Build 14393.351)
October 27, 2016 — KB3197954 (OS Build 14393.351). This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, Start, File Explorer, action center, graphics, and the Windows kernel...
October 11, 2016 — KB3192441 (OS Build 10586.633)
October 11, 2016 — KB3192441 (OS Build 10586.633). This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, kernel mode drivers, downloading apps from Microso...
Paragon Initiative Enterprises: Non-secure requests are not automatically upgraded to HTTPS
Non-secure requests to bridge.cspr.ng (e.g. http://bridge.cspr.ng/) are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because bridge.cspr.ng is HSTS preloaded. When a domain is...
SSL/TLS: `preload` Missing in HSTS Header
The remote web server is missing the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. Script OID: 1.3.6.1.4.1.25623.1.0.105878...
Apple iOS CFNetwork HTTPProtocol Component Vulnerability
Apple iOS is an operating system for mobile devices developed by Apple Inc. The CFNetwork HTTPProtocol is one of the components used to send requests to create simple instances. A security vulnerability exists in the CFNetwork HTTPProtocol component in versions of Apple iOS prior to 9, which stem...
CVE-2015-5859
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
Hardcoded credentials
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
UBUNTU-CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
chromium-browser: Normalization error in HSTS/HPKP preload list
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...