14 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-2414

Malicious code in bioql PyPI...

CVSS 6.3 · AI score 6.4 · EPSS 0.00027
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-1122

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 7 · EPSS 0.00042
Exploits: 0 · References: 7

RedhatCVE
added 2025/05/22 10:22 a.m. · 3 views

CVE-2019-9803

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...

CVSS 7.4 · AI score 6 · EPSS 0.00122
Exploits: 0 · References: 1

Cvelist
added 2024/04/04 10:10 p.m. · 13 views

CVE-2024-31206 Use of Unencrypted HTTP Request in dectalk-tts

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...

CVSS 8.2 · AI score 8.2 · EPSS 0.00042
Exploits: 0 · References: 5

CVE
added 2024/04/04 10:10 p.m. · 74 views

CVE-2024-31206

CVE-2024-31206 affects the Node package dectalk-tts. In 1.0.0, the module makes HTTP (unencrypted) requests to the aeiou Dectalk web API, creating a potential man-in-the-middle risk where traffic could be intercepted or modified. The network traffic was upgraded to HTTPS in version 1.0.1. The av...

CVSS 8.2 · AI score 7.9 · EPSS 0.00042
Exploits: 0 · References: 5

OSV
added 2024/04/04 10:10 p.m. · 17 views

CVE-2024-31206 Use of Unencrypted HTTP Request in dectalk-tts

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...

CVSS 8.2 · AI score 6.7 · EPSS 0.00042
Exploits: 0 · References: 7

OSV
added 2023/07/26 2:8 p.m. · 8 views

OPENSUSE-SU-2023:0193-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 115.0.5790.102: stability fix Chromium 115.0.5790.98: Security: The Storage, Service Worker, and Communication APIs are now partitioned in third-party contexts to prevent certain types of side-channel cross-site tracking HTTPS:...

CVSS 8.8 · AI score 9.2 · EPSS 0.00931
Exploits: 9 · References: 13

OSV
added 2023/02/23 8:15 p.m. · 1 views

ALPINE-CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

CVSS 6.5 · AI score 6.6 · EPSS 0.00039
Exploits: 0 · References: 1

Positive Technologies
added 2022/02/20 12:0 a.m. · 1 views

PT-2022-12302 · Cobbler · Cobbler

Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.2 Description: An issue was discovered where routines in several files use the HTTP protocol instead of the more secure HTTPS. Recommendations: For Cobbler versions prior to 3.3.2, consider updating to a version...

CVSS 5.9 · AI score 5.5 · EPSS 0.00217
Exploits: 0 · References: 10

OSV
added 2021/12/08 10:15 p.m. · 10 views

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CVSS 6.5 · AI score 8.6
Exploits: 0 · References: 10

RedHat Linux
added 2020/11/04 1:44 a.m. · 2 views

httpd: mod_http2: possible crash on late upgrade

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

CVSS 4.9 · AI score 7 · EPSS 0.02193
Exploits: 0 · References: 6

Cvelist
added 2020/01/08 9:13 p.m. · 12 views

CVE-2019-17002

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox 70...

AI score 5.3 · EPSS 0.00186
Exploits: 1 · References: 2

OSV
added 2019/06/11 10:29 p.m. · 1 views

DEBIAN-CVE-2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

CVSS 4.2 · AI score 6.7 · EPSS 0.02193
Exploits: 0 · References: 1

Hacker One
added 2016/08/10 2:56 p.m. · 29 views

HackerOne: Non-secure requests are not automatically upgraded to HTTPS

Non-secure requests to hackerone.com (e.g. http://hackerone.com) are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because hackerone.com is HSTS preloaded. When a domain is...

AI score 6.5
Exploits: 0