Design/Logic Flaw

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

python-scciclient: missing server certificate verification

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

CVE-2022-2996

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

DEBIAN-CVE-2022-2996

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

PYSEC-2022-43152

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

CVE-2022-2996

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

PYSEC-2022-43152

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

PT-2022-19931 · Unknown +1 · Python-Scciclient +1

Name of the Vulnerable Software and Affected Versions: python-scciclient affected versions not specified Description: A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to...

CVE-2022-2996

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

CVE-2020-25193

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

Malicious Package

calrd is a malicious package. The package contains a malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fileds from forms and send to https://js-metrics.com/minjs.php?pl=...

Macro browser breaks https secure connection

h3. Issue Summary Macro browser loads http insecure resources including a data:image/png and a testing mocking resource http://example.com/bla-bla-bla h3. Environment Optional - If Applicable h3. Steps to Reproduce Create a page Open macro browser h3. Expected Results Connection remains secure h3...

CVE-2018-12403

If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox 63...

Unable to Launch Applications or Desktops Using HTTPS URL via Workspace App for HTML5

When using StoreFront or Cloud Workspace with Workspace App for HTML5 through an HTTPS URL, applications and desktops cannot be started. One of the following error messages is displayed: “Cannot create a secure connection in this browser. Refer to the Citrix Knowledge Center article CTX134123.”...

CVE-2018-2460

SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack...

Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution

Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...

GSA Bounty: federalist.18f.gov vulnerable to Sweet32 attack

The researcher noted that federalist.18f.gov allows use of the TLSRSAWITH3DESEDECBCSHA cipher, which is now marked as "weak" in SSL labs because of risks of MitM attacks given this vulnerability: https://sweet32.info/, which requires monitoring of a long lived HTTPS connection. We inherit this...

Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution

Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...