7691 matches found
Missing Authentication for Critical Function in Apache Calcite
"HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite...
[SECURITY] Fedora 32 Update: curl-7.69.1-8.fc32
curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2020-28973
The ABUS Secvest wireless alarm system FUAA50000 v3.01.17 fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to...
Spoofable Secure Lock Icon
firefox:sid is using spoofable Secure Lock icon. Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page...
Man-in-the-Middle (MitM)
nim is vulnerable to man-in-the-middle attack. nimble refresh fetches a list of Nimble packages over HTTPS by default. However, in case of an error, a non-TLS URL http://irclogs.nim-lang.org/packages.json is used and allows an attacker to perform MitM and deliver a modified package list containin...
Man-In-The-Middle Attack
Nim is vulnerable to man-in-the-middle attack. The vulnerability exists when during 'nimble refresh', the system fetches a list of Nimble packages over HTTPS without verifying the SSL/TLS certificate, allowing an attacker to perform man-in-the-middle attack by delivering a modified malicious...
Oracle MySQL Server <= 5.7.30 / 8.0 <= 8.0.17 Security Update (cpuapr2021) - Windows
Oracle MySQL Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was...
Reproxy - Simple Edge Server / Reverse Proxy
Reproxy is a simple edge HTTPs server / reverse proxy supporting various providers docker, static, file. One or more providers supply information about requested server, requested url, destination url and health check url. Distributed as a single binary or as a docker container. Automatic SSL...
SUSE: Security Advisory (SUSE-SU-2019:3266-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:0241-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0699-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 33 : curl (2021-cab5c9befb)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-cab5c9befb advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in...
Mozilla Firefox ESR < 78.10
The version of Firefox ESR installed on the remote Windows host is prior to 78.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-15 advisory. - Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port...
FreeBSD : Apache Maven -- multiple vulnerabilities (20006b5f-a0bc-11eb-8ae6-fc4dd43e2b6a)
The Apache Maven project reports : We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues : - Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories u...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350
Today, we are excited to release the second report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and...
Swissknife - Scriptable VSCode Extension To Generate Or Manipulate Data. Stop Pasting Sensitive Data In Webpag
The developers swissknife. Do conversions and generations right out of vs code. Extendable with user scripts Available in the Visual Studio Marketplace Currently available scripts Base64 decode Base64 encode Binary To Text Bip39 Mnemonic CSV to Markdown Count characters Count words Crypto currenc...
CVE-2021-26076
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...
CVE-2021-26076
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...
Hardcoded credentials
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...