13 matches found
curl: Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c
Vulnerability description not provided...
SUSE CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
February 12, 2019—KB4487000 (Monthly Rollup)
None None...
Paragon Initiative Enterprises: Non-secure requests are not automatically upgraded to HTTPS
Non-secure requests to bridge.cspr.ng e.g. http://bridge.cspr.ng/ are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because bridge.cspr.ng is HSTS preloaded. When a domain is...
October 27, 2016 — KB3197954 (OS Build 14393.351)
None None...
October 11, 2016 — KB3192440 (OS Build 10240.17146)
None None...
October 11, 2016 — KB3192441 (OS Build 10586.633)
None None...
SSL/TLS: `preload` Missing in HSTS Header
The remote web server is missing the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105878";...
Apple iOS CFNetwork HTTPProtocol Component Vulnerability
Apple iOS is an operating system for mobile devices developed by Apple Inc. The CFNetwork HTTPProtocol is one of the components used to send requests to create simple instances. A security vulnerability exists in the CFNetwork HTTPProtocol component in versions of Apple iOS prior to 9, which stem...
CVE-2015-5859
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
Hardcoded credentials
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
UBUNTU-CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
chromium-browser: Normalization error in HSTS/HPKP preload list
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...