Lucene search: 7686 matches found

F5 Networks (added 2023/02/21 6:53 p.m.)

K72752002: BIG-IP SSL/TLS CRL vulnerability CVE-2020-5913

Security Advisory Description: The BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. (CVE-2020-5913) Impact: The BIG-IP system does not enforce Transport...

CVSS 7.4 | AI score 7.3 | EPSS 0.005
Exploits 0 | Affected software 14
F5 Networks (added 2023/02/21 6:46 p.m.)

K14634: SSL/TLS BREACH vulnerability CVE-2013-3587

Security Advisory Description: The BREACH vulnerability allows attackers to discover secrets wrapped in HTTP compression inside of SSL. By injecting plaintext into an HTTPS request, an attacker can learn information about the corresponding HTTPS response by measuring its size. This action relies o...

AI score 5.7
Exploits 0 | Affected software 14
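The size oracle the BREACH entry describes, worked through end to end as an added Python example (this is not code from the F5 advisory or from any BREACH tool). The victim page, the secret token and the "server" are constructed for the demonstration: the token appears once in a link, the attacker's search string is reflected once in the same body, and the attacker sees nothing but the compressed length of each response. zlib is run with the Z_FIXED strategy so that each guessed byte that extends the LZ77 match saves exactly one byte of output; a real target's dynamic Huffman coding only blurs that signal, which is why real BREACH runs repeat measurements or pad requests to shift byte alignment.

```python
import string
import zlib

# Constructed victim page for the demonstration (not a real site): the secret
# CSRF token appears once in a link, and an attacker-controlled search string
# is reflected once further down the same compressed response body.
SECRET_TOKEN = "7b3e9a1"          # hypothetical secret the attacker wants
KNOWN_PREFIX = "csrf_token="      # text the attacker knows sits before the secret
ALPHABET = string.hexdigits[:16]  # the token's character set: 0-9a-f

PAGE_TEMPLATE = (
    "<html><body>\n<ul>\n"
    '<li class="row"><a href="/item/1">item one</a></li>\n'
    '<li class="row"><a href="/item/2">item two</a></li>\n'
    '<li class="row"><a href="/item/3">item three</a></li>\n'
    "</ul>\n"
    '<a href="/logout?csrf_token={secret}">log out</a>\n'
    "<p>Results for {reflected} (0 hits)</p>\n"
    "</body></html>\n"
)


def compressed_size(secret: str, reflected: str) -> int:
    """Size of the compressed body: what a TLS observer learns from record lengths."""
    body = PAGE_TEMPLATE.format(secret=secret, reflected=reflected).encode()
    # Z_FIXED pins deflate to fixed Huffman codes, so every literal costs 8 bits
    # and every extra matched byte saves exactly that; real servers use dynamic
    # codes, which blur the signal but do not remove it.
    comp = zlib.compressobj(level=9, strategy=zlib.Z_FIXED)
    return len(comp.compress(body) + comp.flush())


def oracle(reflected: str) -> int:
    """Models the attacker's view: inject `reflected`, observe the response size."""
    return compressed_size(SECRET_TOKEN, reflected)


def sizes_for_next_byte(known: str) -> dict:
    """Response size for each candidate next byte of the secret.

    The right candidate extends the LZ77 match between the reflected guess and
    the real token by one byte, so that response compresses smaller.
    """
    return {g: oracle(KNOWN_PREFIX + known + g) for g in ALPHABET}


def recover_secret(length: int) -> str:
    """Recover the token byte by byte from nothing but response sizes."""
    known = ""
    for position in range(length):
        sizes = sizes_for_next_byte(known)
        smallest = min(sizes.values())
        winners = [g for g, n in sizes.items() if n == smallest]
        if len(winners) != 1:
            # With dynamic Huffman coding ties happen; BREACH breaks them by
            # re-measuring with padding that shifts the byte alignment.
            raise RuntimeError(f"ambiguous oracle at position {position}: {winners}")
        known += winners[0]
    return known


if __name__ == "__main__":
    print("recovered:", recover_secret(len(SECRET_TOKEN)))
```

The defence side follows from the model: the oracle exists only because the secret and attacker-controlled input share one compression context, so either disable HTTP compression on responses that carry secrets, mask the token per request, or keep reflected input out of such responses.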
F5 Networks (added 2023/02/21 6:46 p.m.)

K94408282: OpenNTPD vulnerability CVE-2016-5117

Security Advisory Description: OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. (CVE-2016-5117) Impact: There is no impact; F5 products a...

CVSS 5.9 | AI score 5.7 | EPSS 0.00702
Exploits 0
F5 Networks (added 2023/02/21 6:35 p.m.)

K86435316: OpenJDK vulnerabilities CVE-2020-2585 and CVE-2020-2655

Security Advisory Description: CVE-2020-2585: Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...

CVSS 5.9 | AI score 5.8 | EPSS 0.03206
Exploits 0
F5 Networks (added 2023/02/21 6:35 p.m.)

K25046752: Traffic Intelligence feeds vulnerability CVE-2022-34865

Security Advisory Description: Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. (CVE-2022-34865) Impact: An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify...

CVSS 9.1 | AI score 8.8 | EPSS 0.00366
Exploits 0 | Affected software 13
F5 Networks (added 2023/02/21 6:32 p.m.)

K13400: SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

Security Advisory Description: CVE-2011-3389: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows...

CVSS 4.3 | AI score 7.4 | EPSS 0.73327
Exploits 4 | Affected software 11
F5 Networks (added 2023/02/21 6:13 p.m.)

K81601350: BIG-IP PEM vulnerability CVE-2017-6144

Security Advisory Description: When downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PE...

CVSS 7.4 | AI score 7.3 | EPSS 0.00599
Exploits 0 | Affected software 1
CNVD (added 2023/02/21 12:00 a.m.)

Dell BIOS Input Validation Error Vulnerability (CNVD-2023-14507)

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS is vulnerable to an input validation error. An authenticated local malicious user can execute arbitrary code in SMRAM by using SMI. A remote attacker could exploit the vulnerability by sending ...

CVSS 7.8 | AI score 1.9 | EPSS 0.002
Exploits 0 | References 1
Oracle Linux (added 2023/02/20 12:00 a.m.)

firefox security update

102.8.0-2.0.1
- Updated homepages to use https (Orabug: 34648274)
102.8.0-2
- Update to 102.8.0 build2
102.8.0-1
- Update to 102.8.0 build1
...

CVSS 8.8 | AI score 8 | EPSS 0.00817
Exploits 0
Fedora (added 2023/02/19 1:39 a.m.)

[SECURITY] Fedora 37 Update: curl-7.85.0-6.fc37

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 9.1 | AI score 8.4 | EPSS 0.01703
Exploits 2
Veracode (added 2023/02/18 5:22 a.m.)

Information Disclosure

curl is vulnerable to Information Disclosure. curl's HSTS support allows the use of HTTPS instead of HTTP, but HSTS could fail when used subsequently on the same command line, leading to cleartext transmission, which allows an attacker to gain sensitive information about the system...

CVSS 9.1 | AI score 7.7 | EPSS 0.00858
Exploits 1 | References 8 | Affected software 3
Veracode (added 2023/02/18 5:20 a.m.)

Information Disclosure

curl is vulnerable to Information Disclosure. curl's HSTS support allows the use of HTTPS instead of HTTP, but HSTS could fail when used subsequently on the same command line, leading to cleartext transmission, which allows an attacker to gain access to sensitive information...

CVSS 6.5 | AI score 7.9 | EPSS 0.00861
Exploits 0 | References 9 | Affected software 3
Veracode (added 2023/02/17 7:29 a.m.)

Improper Certificate Validation

pyloadng is vulnerable to Improper Certificate Validation. The vulnerability exists in httprequest.py due to improper SSL certificate validation, which allows an attacker to intercept data over HTTPS connections...

CVSS 7.4 | AI score 7 | EPSS 0.00526
Exploits 1 | References 5 | Affected software 1
Veracode (added 2023/02/16 7:09 a.m.)

Improper Certificate Validation

cloudconnectlib is vulnerable to Improper Certificate Validation. Requests to third-party APIs through the REST API Modular Input allow a remote attacker to downgrade the API request to HTTP after a connection over HTTPS fails when the REST API Modular Input functionality is used through its use...

CVSS 5.3 | AI score 5.6 | EPSS 0.00315
Exploits 0 | References 4 | Affected software 1
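The failure mode in the cloudconnectlib entry, an HTTPS request that silently falls back to plaintext HTTP when the TLS connection fails, beside a client that refuses to downgrade. This is an added Python example, not cloudconnectlib's code: the API URL, the "transport" and the attacker's bad certificate are constructed, and the transport is a callable so both clients can be exercised offline.

```python
import ssl
from typing import Callable, List

Transport = Callable[[str], str]   # sends one request, returns the response body


def fetch_with_fallback(url: str, send: Transport) -> str:
    """Vulnerable pattern: if the HTTPS request fails, retry it over plaintext HTTP.

    Any on-path attacker who can make the TLS handshake fail (presenting an
    untrusted certificate is enough) forces the API call, credentials and all,
    onto the wire in clear, and then reads or rewrites it.
    """
    try:
        return send(url)
    except ssl.SSLError:
        return send("http://" + url[len("https://"):])


def fetch_strict(url: str, send: Transport, retries: int = 2) -> str:
    """Hardened: the scheme is never downgraded.

    Certificate failures are fatal and not retried, because they are exactly the
    man-in-the-middle signal; other TLS errors (a reset handshake) may be retried,
    still over HTTPS. A non-HTTPS endpoint is rejected up front.
    """
    if not url.startswith("https://"):
        raise ValueError("refusing to call an API endpoint over plaintext HTTP")
    last_error = None
    for _ in range(max(retries, 1)):
        try:
            return send(url)
        except ssl.SSLCertVerificationError:
            raise                       # wrong certificate: never transient
        except ssl.SSLError as exc:
            last_error = exc            # transient TLS error: retry over TLS
    raise last_error


def make_mitm_transport(log: List[str]) -> Transport:
    """Constructed stand-in for the network: an attacker answers every HTTPS
    connection with a certificate the client does not trust, and happily
    serves plaintext HTTP."""
    def send(url: str) -> str:
        log.append(url)
        if url.startswith("https://"):
            raise ssl.SSLCertVerificationError(
                "certificate verify failed: self-signed certificate")
        return "200 OK (plaintext, readable by the attacker)"
    return send


def compare(url: str = "https://api.example/v1/events?token=s3cr3t") -> dict:
    """Run both clients through the attacker's network and report what hit the wire."""
    fallback_log, strict_log = [], []
    fallback_result = fetch_with_fallback(url, make_mitm_transport(fallback_log))
    try:
        fetch_strict(url, make_mitm_transport(strict_log))
        strict_result = "unexpected success"
    except ssl.SSLCertVerificationError:
        strict_result = "refused"
    return {
        "fallback": fallback_log,          # two requests, the second in clear
        "fallback_result": fallback_result,
        "strict": strict_log,              # one HTTPS attempt, then a hard failure
        "strict_result": strict_result,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The check to apply when reviewing an integration like this is mechanical: grep the HTTP client code for any path that rewrites `https://` to `http://` or disables verification after an exception, and make the TLS error surface to the operator instead.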
Fortinet (added 2023/02/16 12:00 a.m.)

Protect

A relative path traversal vulnerability (CWE-23) in FortiOS, FortiProxy, and FortiSwitchManager may allow an authenticated attacker to read and write files on the underlying system via crafted HTTP, HTTPS or CLI requests...

CVSS 5.5 | AI score 7.7 | EPSS 0.00927
Exploits 0 | Affected software 3
Hacker One (added 2023/02/15 9:14 a.m.)

Internet Bug Bounty: CVE-2023-23915: HSTS amnesia with --parallel

Multiple transfers in parallel using curl's HSTS cache saving feature resulted in the cache file being overwritten by the most recently completed transfer, causing a later HTTP-only transfer to the earlier hostname to not get upgraded properly to HSTS, leading to a bypass of intended security...

CVSS 6.5 | AI score 6.7 | EPSS 0.00861
Exploits 0
Hacker One (added 2023/02/15 9:12 a.m.)

Internet Bug Bounty: CVE-2023-23914: HSTS ignored on multiple requests

Multiple requests made using curl's HSTS functionality ignored the HTTPS protocol and used an insecure clear-text HTTP step instead. This was due to the state not being properly carried on, allowing the bypass of intended security controls. The vulnerability was assigned CVE-2023-23914 and had a...

CVSS 9.1 | AI score 7.7 | EPSS 0.00858
Exploits 1
OSV (added 2023/02/15 8:00 a.m.)

CURL-CVE-2023-23914 HSTS ignored on multiple requests

curl's HSTS functionality fails when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent...

CVSS 9.1 | AI score 7.8 | EPSS 0.00858
Exploits 1
OSV (added 2023/02/15 8:00 a.m.)

CURL-CVE-2023-23915 HSTS amnesia with --parallel

curl's HSTS cache saving behaves wrongly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when...

CVSS 6.5 | AI score 6.6 | EPSS 0.00861
Exploits 0
curl security advisories (added 2023/02/15 8:00 a.m.)

HSTS ignored on multiple requests

curl's HSTS functionality fails when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent...

CVSS 9.1 | AI score 7.1 | EPSS 0.00858
Exploits 1 | References 1 | Affected software 2
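The two curl HSTS failure modes listed above (CVE-2023-23914, state not carried between serial transfers; CVE-2023-23915, the cache file overwritten by the last parallel transfer to finish) modelled in one added Python example. This is not curl's code: it is a minimal HSTS host cache of the RFC 6797 kind with each bug reproduced as a simplified model beside the corrected behaviour. The origins, their Strict-Transport-Security headers, the fetch() stand-in for a transfer and the in-memory "cache file" are all constructed for the demonstration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# Constructed origins: both advertise HSTS, which a client may only honour
# when the header arrived over HTTPS (RFC 6797 section 8.1).
STS_POLICY = {
    "a.example": "max-age=31536000; includeSubDomains",
    "b.example": "max-age=31536000",
}


def fetch(url: str) -> Tuple[str, str, Optional[str]]:
    """Stand-in for a real transfer: (scheme used, host, STS header or None)."""
    p = urlsplit(url)
    sts = STS_POLICY.get(p.hostname) if p.scheme == "https" else None
    return p.scheme, p.hostname, sts


@dataclass
class HstsCache:
    """Hosts the client must only contact over HTTPS."""
    hosts: set = field(default_factory=set)

    def learn(self, host: str, sts_header: Optional[str]) -> None:
        if sts_header is None:            # nothing, or seen over plaintext
            return
        for directive in sts_header.split(";"):
            name, _, value = directive.strip().partition("=")
            if name.lower() == "max-age":  # max-age=0 tells us to forget the host
                (self.hosts.add if int(value) > 0 else self.hosts.discard)(host)

    def upgrade(self, url: str) -> str:
        """Rewrite http:// to https:// for a known host; leave other URLs alone."""
        p = urlsplit(url)
        if p.scheme == "http" and p.hostname in self.hosts:
            return urlunsplit(("https", p.netloc, p.path, p.query, p.fragment))
        return url

    def dump(self) -> str:
        return "\n".join(sorted(self.hosts))

    @classmethod
    def load(cls, text: str) -> "HstsCache":
        return cls({line for line in text.split("\n") if line})


@dataclass
class CacheFile:
    """Stands in for the on-disk HSTS cache file (curl's --hsts <file>)."""
    text: str = ""


def serial_buggy(urls: List[str], cache: HstsCache) -> List[str]:
    # Bug model (CVE-2023-23914): every URL is resolved against the cache before
    # any transfer runs, so a host learned by transfer 1 never upgrades transfer 2.
    planned = [cache.upgrade(u) for u in urls]
    for u in planned:
        cache.learn(*fetch(u)[1:])
    return planned


def serial_fixed(urls: List[str], cache: HstsCache) -> List[str]:
    # Fix: consult the cache at the moment each transfer starts.
    used = []
    for u in urls:
        u = cache.upgrade(u)
        cache.learn(*fetch(u)[1:])
        used.append(u)
    return used


def parallel_buggy(urls: List[str], cache_file: CacheFile, completion_order: List[str]) -> None:
    # Bug model (CVE-2023-23915): each parallel transfer holds its own copy of
    # the cache and writes that copy back when it completes; the last writer
    # wins and whatever the other transfers learned is lost.
    copies = {u: HstsCache.load(cache_file.text) for u in urls}
    for u in completion_order:
        c = copies[u]
        c.learn(*fetch(c.upgrade(u))[1:])
        cache_file.text = c.dump()


def parallel_fixed(urls: List[str], cache_file: CacheFile, completion_order: List[str]) -> None:
    # Fix: one shared cache for all transfers, written once they are all done.
    shared = HstsCache.load(cache_file.text)
    for u in completion_order:
        shared.learn(*fetch(shared.upgrade(u))[1:])
    cache_file.text = shared.dump()


if __name__ == "__main__":
    f = CacheFile()
    parallel_buggy(["https://a.example/", "https://b.example/"], f,
                   ["https://a.example/", "https://b.example/"])
    print("later http://a.example/ becomes:", HstsCache.load(f.text).upgrade("http://a.example/"))
```

The practical check for either bug is the same: after a multi-URL run, inspect the HSTS cache file and then issue a plain http:// request to each host that sent the header; anything that leaves as plaintext is the bypass the advisories describe.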