CVE-2022-27820

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

Design/Logic Flaw

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

HSTS Missing From HTTPS Server (RFC 6797) for DDC servers

Security team running Nessus scans are reporting they are being notified of a finding on their controllers - HSTS Missing From HTTPS Server - Nessus Plugin ID 84502 which is a medium finding...

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

Swissknife - Scriptable VSCode Extension To Generate Or Manipulate Data. Stop Pasting Sensitive Data In Webpag

The developers swissknife. Do conversions and generations right out of vs code. Extendable with user scripts Available in the Visual Studio Marketplace Currently available scripts Base64 decode Base64 encode Binary To Text Bip39 Mnemonic CSV to Markdown Count characters Count words Crypto currenc...

CVE-2021-26530

The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

CVE-2021-26530

The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

Design/Logic Flaw

The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

CVE-2021-26529

The CVE-2021-26529 issue affects Cesanta Mongoose HTTPS server (versions 7.0 and 6.7–6.18 compiled with mbedTLS). The root cause is an out-of-bounds write in mg_tls_init triggered by a connection request after memory pool exhaustion, enabling a remote write condition. Documents indicate this is a...

CVE-2021-26530

The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

CVE-2021-26530

CVE-2021-26530 describes a vulnerability in Cesanta Mongoose HTTPS server 7.0 when compiled with OpenSSL. The vulnerable component is the mg_tls_init function, which allows a remote out-of-bounds write via a connection request after the memory pool is exhausted. The Connected documents confirm th...

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provide...

Node.js: Node.js: use-after-free in TLSWrap

Node.js: use-after-free in TLSWrap Node v14.11.0 Current is vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

Downloads Resources over HTTP in macaca-chromedriver-zxa

Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

Design/Logic Flaw

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

Circle with Disney Rclient SSL TLD MITM Vulnerability(CVE-2017-2911)

Summary An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...