GHSA-J7XG-5549-JR3J Improper Certificate Validation in OWASP ZAP
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...
Juniper Junos OS Path Traversal Vulnerability
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution...
CVE-2022-27820
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...
Design/Logic Flaw
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...
(Pwn2Own) NETGEAR R6700v3 Improper Certificate Validation Vulnerability
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The...
Fedora: Security Advisory for icecat (FEDORA-2022-42ea499a7d)
The remote host is missing an update for the...
Denial Of Service (DoS)
github.com/Dreamacro/clash is vulnerable to denial of service. The vulnerability exists because the library does not limit the http or https configuration files, allowing an attacker to crash the application by providing an embedded malicious iframe with a crafted URL...
CVE-2020-25193
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
Hardcoded credentials
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
CVE-2020-25193
The CVE-2020-25193 issue affects GE Reason RT430, RT431 and RT434 GNSS clocks with firmware versions prior to 08A06. The root cause is a hard-coded cryptographic key that allows an attacker to intercept and decrypt HTTPS traffic. Impact is partial confidentiality loss in encrypted communications....
Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363
Summary: The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificat...
PT-2022-8710 · Ge · Ge Reason Rt430 +2
Name of the Vulnerable Software and Affected Versions: GE Reason RT430, RT431 & RT434 GNSS clocks versions prior to 08A06 Description: The issue allows attackers to intercept and decrypt encrypted traffic through an HTTPS connection by having access to the hard-coded cryptographic key. This could...
Juniper Junos OS Improper Certificate Validation (JSA11264)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11264 advisory. An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched...
Slackware Linux 15.0 / current python3 Vulnerability (SSA:2022-077-01)
The version of python3 installed on the remote host is prior to 3.9.11. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-077-01 advisory. - The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxie...
[SECURITY] Fedora 36 Update: icecat-91.7.0-1.rh1.fc36
GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: LibreJS: GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. HTTPS Everywhere: HTTPS Everywhere is an extension that encrypts...
CVE-2022-27225
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...