Lucene search
+L

13 matches found

Hacker One
Hacker One
added 2023/11/15 1:23 a.m.49 views

curl: Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c

Vulnerability description not provided...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.4 views

SUSE CVE-2015-1269

The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...

4.3CVSS9AI score0.01758EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2019/02/12 8:0 a.m.92 views

February 12, 2019—KB4487000 (Monthly Rollup)

None None...

9.8CVSS6.8AI score0.68294EPSS
Exploits3
Hacker One
Hacker One
added 2017/06/21 11:35 a.m.221 views

Paragon Initiative Enterprises: Non-secure requests are not automatically upgraded to HTTPS

Non-secure requests to bridge.cspr.ng e.g. http://bridge.cspr.ng/ are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because bridge.cspr.ng is HSTS preloaded. When a domain is...

6.6AI score
Exploits0
Microsoft KB
Microsoft KB
added 2016/10/27 12:0 a.m.6 views

October 27, 2016 — KB3197954 (OS Build 14393.351)

None None...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2016/10/11 12:0 a.m.27 views

October 11, 2016 — KB3192440 (OS Build 10240.17146)

None None...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2016/10/11 12:0 a.m.4 views

October 11, 2016 — KB3192441 (OS Build 10586.633)

None None...

6.1AI score
Exploits0
OpenVAS
OpenVAS
added 2016/08/22 12:0 a.m.51 views

SSL/TLS: `preload` Missing in HSTS Header

The remote web server is missing the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105878";...

7.5AI score
Exploits0References6
CNVD
CNVD
added 2015/11/24 12:0 a.m.4 views

Apple iOS CFNetwork HTTPProtocol Component Vulnerability

Apple iOS is an operating system for mobile devices developed by Apple Inc. The CFNetwork HTTPProtocol is one of the components used to send requests to create simple instances. A security vulnerability exists in the CFNetwork HTTPProtocol component in versions of Apple iOS prior to 9, which stem...

4.3CVSS6.3AI score0.01451EPSS
Exploits0References1
NVD
NVD
added 2015/11/22 3:59 a.m.20 views

CVE-2015-5859

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

4.3CVSS5.2AI score0.01451EPSS
Exploits0References2
Prion
Prion
added 2015/11/22 3:59 a.m.25 views

Hardcoded credentials

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

4.3CVSS5.6AI score0.01451EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2015/06/26 12:0 a.m.5 views

UBUNTU-CVE-2015-1269

The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...

4.3CVSS7.3AI score0.01758EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2015/06/25 8:9 a.m.5 views

chromium-browser: Normalization error in HSTS/HPKP preload list

The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...

4.3CVSS7.4AI score0.01758EPSS
Exploits0References5
Rows per page
Query Builder