7629 matches found
CVE-2023-6058
Summary: CVE-2023-6058 affects Bitdefender Safepay’s HTTPS handling. When a connection is blocked due to an untrusted server certificate, users can still add the site to exceptions, after which Safepay will trust that certificate for subsequent HTTPS scans. This creates a potential MITM path wher...
CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...
CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...
CVE-2023-6057
The CVE-2023-6057 entry describes a vulnerability in Bitdefender Total Security HTTPS scanning where the product incorrectly trusts certificates issued with the DSA signature algorithm due to improper certificate-chain checking. This can enable an attacker to perform MITM SSL connections to arbit...
CVE-2023-6056 Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to...
CVE-2023-6056 Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to...
CVE-2023-6056
CVE-2023-6056 describes a vulnerability in Bitdefender Total Security’s HTTPS scanning that causes improper trust of self-signed certificates, specifically those signed with the RIPEMD-160 hash, without proper validation. This weakness can enable a man‑in‑the‑middle (MITM) SSL connection to arbit...
CVE-2023-6055
CVE-2023-6055 describes a certificate validation flaw in Bitdefender Total Security’s HTTPS scanning. The vulnerability occurs when the site certificate lacks the Extended Key Usage spec for Server Authentication; the product may consider such certificates valid and proceed with TLS interception,...
CVE-2023-6055 Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158)
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product...
CVE-2023-6055 Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158)
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product...
PT-2024-13750 · Bitdefender · Bitdefender Total Security
Name of the Vulnerable Software and Affected Versions: Bitdefender Total Security versions prior to the latest version Description: A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't...
Unspecified Vulnerability in Mozilla Firefox for iOS
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox for iOS prior to version 131.2, which originates when opening an external link to an HTTP website under certain circumstances, and can be exploited by...
CVE-2024-10004
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS 131.2...
CVE-2024-10004
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS 131.2...
UBUNTU-CVE-2024-10004
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS 131.2...
CVE-2024-10004
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS 131.2...
CVE-2024-10004
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS 131.2...
CVE-2024-10004
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS 131.2...
CVE-2024-10004
CVE-2024-10004 technical details are not publicly provided in the supplied documents. Monitor for updates.
[SECURITY] Fedora 41 Update: rust-hyper-rustls-0.27.3-1.fc41
Rustls+hyper integration for pure rust HTTPS...