7687 matches found

CNNVD
added 2022/08/09 12:0 a.m., 5 views

Microsoft Windows Secure Socket Tunneling Protocol Security Vulnerability

The Microsoft Windows Secure Socket Tunneling Protocol is a Microsoft mechanism for encapsulating Point-to-Point Protocol (PPP) traffic via the HTTPS protocol, as specified in RFC1945, RFC2616, and RFC2818. This protocol enables users to access private networks using HTTPS. HTTPS can traverse most...

7.5 CVSS, 7.6 AI score, 0.02282 EPSS
Exploits 0, References 5

NVD
added 2022/08/04 6:15 p.m., 20 views

CVE-2022-34865

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are...

9.1 CVSS, 0.00366 EPSS
Exploits 0, References 1

Prion
added 2022/08/04 6:15 p.m., 19 views

Design/Logic Flaw

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are...

6.4 CVSS, 9.2 AI score, 0.00366 EPSS
Exploits 0, References 1, Affected Software 11

ATTACKERKB
added 2022/08/03 2:0 p.m., 5 views

CVE-2022-34865

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are...

9.1 CVSS, 6 AI score, 0.00366 EPSS
Exploits 0, References 2, Affected Software 1

IBM Security Bulletins
added 2022/08/03 11:16 a.m., 31 views

Security Bulletin: Vulnerability in the Node.js follow-redirects component affects IBM Event Streams (CVE-2022-0536)

Summary This security vulnerability affects the follow-redirects component that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-0536 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by a leakage of...

5.9 CVSS, 5.1 AI score, 0.0126 EPSS
Exploits 0, Affected Software 1

OpenVAS
added 2022/08/01 12:0 a.m., 5 views

Fedora: Security Advisory for httprobe (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 2

Fedora
added 2022/07/31 1:37 a.m., 17 views

[SECURITY] Fedora 36 Update: httprobe-0.1.2-7.fc36

Take a list of domains and probe for working HTTP and HTTPS servers...

0.7 AI score
Exploits 0

OpenVAS
added 2022/07/31 12:0 a.m., 9 views

Fedora: Security Advisory for dnscrypt-proxy (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 2

OpenVAS
added 2022/07/31 12:0 a.m., 5 views

Fedora: Security Advisory for caddy (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 2

Fedora
added 2022/07/30 1:55 a.m., 15 views

[SECURITY] Fedora 36 Update: caddy-2.4.6-4.fc36

Caddy is the web server with automatic HTTPS...

0.5 AI score
Exploits 0

IBM Security Bulletins
added 2022/07/29 8:34 a.m., 23 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status . (CVE-2022-22393)

Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 1, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. Vulnerability...

6.5 CVSS, 5.2 AI score, 0.00678 EPSS
Exploits 0, Affected Software 1

Tenable Nessus
added 2022/07/22 12:0 a.m., 49 views

Oracle Enterprise Manager Ops Center (Jul 2022 CPU)

The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking Apache HTTP...

10 CVSS, 6.8 AI score, 0.83223 EPSS
Exploits 5, References 4

Tenable Nessus
added 2022/07/22 12:0 a.m., 84 views

macOS 10.15.x < Catalina Security Update 2022-005 Catalina (HT213343)

The remote host is running a version of macOS / Mac OS X that is 0.0.x prior to Catalina Security Update 2022-005 Catalina. It is, therefore, affected by multiple vulnerabilities: - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-4136) - vim is vulnerable to Out-of-bounds Read...

9.8 CVSS, 7 AI score, 0.02996 EPSS
Exploits 9, References 38

The Hacker News
added 2022/07/20 1:41 p.m., 33 views

Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private — The Hacker News

Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was...

7.2 AI score
Exploits 0

RedHat Linux
added 2022/07/19 9:7 p.m., 0 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

7.4 CVSS, 7.3 AI score, 0.08373 EPSS
Exploits 0, References 5

Huntr
added 2022/07/19 1:28 p.m., 21 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session Proof of Concept PHPSESSID:"ID" Created:"Tue, 19 Jul 2022 13:15:32 GMT" Domain:"demo.pimcore.fun" Expires / Max-Age:"Sessio...

Exploits 0, References 2

Tenable Nessus
added 2022/07/19 12:0 a.m., 43 views

Siemens CPC80 Firmware of SICAM A8000 Missing Release of Resource After Effective Lifetime (CVE-2022-29884)

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70C All versions CPC80 V16.30, CP-8000 MASTER MODULE WITH I/O -40/+70C All versions CPC80 V16.30, CP-8021 MASTER MODULE All versions CPC80 V16.30, CP-8022 MASTER MODULE WITH GPRS All versions CPC80 V16.30. When using the...

7.5 CVSS, 7.2 AI score, 0.01124 EPSS
Exploits 0, References 3

OpenVAS
added 2022/07/18 12:0 a.m., 8 views

Fedora: Security Advisory for dnscrypt-proxy (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 8.9 AI score, 0.03931 EPSS
Exploits 3, References 2

OpenVAS
added 2022/07/18 12:0 a.m., 10 views

Fedora: Security Advisory for httprobe (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 8.9 AI score, 0.05994 EPSS
Exploits 4, References 2

Fedora
added 2022/07/17 1:16 a.m., 20 views

[SECURITY] Fedora 35 Update: httprobe-0.1.2-6.fc35

Take a list of domains and probe for working HTTP and HTTPS servers...

9.3 CVSS, 0.7 AI score, 0.05994 EPSS
Exploits 4