7691 matches found

OpenVAS
added 2018/06/19 12:0 a.m. | 49 views

Burp Suite CE 1.7.32 - 1.7.33 MITM Vulnerability - Linux

Burp Suite Community Edition is prone to a man-in-the-middle (MITM) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.00494
Exploits: 0 | References: 1

OpenVAS
added 2018/06/19 12:0 a.m. | 64 views

Burp Suite CE 1.7.32 - 1.7.33 MITM Vulnerability - Windows

Burp Suite Community Edition is prone to a man-in-the-middle (MITM) vulnerability. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.00494
Exploits: 0 | References: 1

Prion
added 2018/06/18 2:29 p.m. | 14 views

Design/Logic Flaw

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...

CVSS: 5.8 | AI score: 7.3 | EPSS: 0.00494
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/06/18 2:29 p.m. | 10 views

CVE-2018-1153

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...

CVSS: 7.4 | AI score: 7.3 | EPSS: 0.00494
Exploits: 0 | References: 2

OSV
added 2018/06/18 2:29 p.m. | 5 views

CVE-2018-1153

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00494
Exploits: 0 | References: 2

CVE
added 2018/06/18 2:0 p.m. | 54 views

CVE-2018-1153

Burp Suite Community Edition 1.7.32–1.7.33 has a server TLS certificate validation flaw in some HTTPS requests, enabling a network MITM to modify or view traffic. This is tracked as CVE-2018-1153 (NVD shows CVSSv3 7.4 HIGH / CVSSv2 5.8 MEDIUM; attack vector NETWORK; high impact to confidentiality...

CVSS: 7.4 | AI score: 7.3 | EPSS: 0.00494
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:39 p.m. | 67 views

Security Bulletin: Security vulnerabilities have been identified in OpenSSL shipped with IBM Tivoli Network Manager IP Edition (CVE-2016-7055, CVE-2017-3731, CVE-2017-3732)

Summary: OpenSSL is shipped with Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting OpenSSL has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2017-3731 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...

CVSS: 7.5 | AI score: 1 | EPSS: 0.57595
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:37 p.m. | 24 views

Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.

Summary: Multiple browsers could allow a remote attacker to obtain sensitive information, caused by the failure to consider the role of the TCP congestion window in providing information about content length by the HTTPS protocol or by the HTTP/2 protocol. By visiting a Web site owned by a malicio...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.13983
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:3 p.m. | 22 views

Security Bulletin: Security Vulnerability in IBM Maximo Asset Management (CVE-2015-1951) allows cacheable HTTPS response

Summary: A vulnerability in Maximo Asset Management could allow an attacker to obtain sensitive information which is stored in a local cache. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization,...

CVSS: 2.1 | AI score: 0.3 | EPSS: 0.00329
Exploits: 0 | Affected Software: 13

IBM Security Bulletins
added 2018/06/17 2:42 p.m. | 39 views

Security Bulletin: IBM Tivoli Network Manager IP Edition V39 Fix Pack 4 HTTPS support for Perl Collector install is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470)

Summary: Security vulnerabilities have been discovered in OpenSSL 9.7d package that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details: CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/T...

CVSS: 7.4 | AI score: 0.8 | EPSS: 0.99977
Exploits: 13 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 7:54 p.m. | 45 views

Security Bulletin: Security Vulnerability in Apache Axis affects IBM WebSphere Dashboard Framework (CVE-2014-3596)

Summary: There is an insecure certificate validation (CVE-2014-3596) in Apache Axis which is bundled with IBM WebSphere Dashboard Framework. Vulnerability Details: IBM WebSphere Dashboard Framework (WDF) bundles a copy of Apache Axis which can be used to make web service requests. A vulnerability in Ax...

CVSS: 5.8 | AI score: 1 | EPSS: 0.05806
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:2 a.m. | 35 views

Security Bulletin: Vulnerability in SSLv3 affects WebSphere Lombardi Edition (CVE-2014-3566)

Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in WebSphere Lombardi Edition. Vulnerability Details: CVE-ID: CVE-2014-3566 DESCRIPTION: WebSphere Lombardi Edition could allow a remote attacker t...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.99999
Exploits: 7 | Affected Software: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

Unspecified vulnerability in https-proxy-agent

https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent. An attacker can exploit this vulnerability to cause a denial of service and disclose memory...

AI score: 8.9
Exploits: 0 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

https-proxy-agent memory leak vulnerability

https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent versions prior to 2.1.1, which stems from a failure of the program to perform proper filtering. An attacker can exploit this vulnerability by submitting input (e.g. JSON) to the...

CVSS: 9.1 | AI score: 8.8 | EPSS: 0.02012
Exploits: 1 | References: 1

Gentoo Linux
added 2018/06/13 12:0 a.m. | 521 views

GNU Wget: Cookie injection

Background: GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description: A vulnerability was discovered in GNU Wget’s resp_new function which does not validate \r\n sequences in continuation lines. Impact: A remote attacker...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.17249
Exploits: 5

NVD
added 2018/06/11 9:29 p.m. | 19 views

CVE-2018-5113

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox 58...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.02074
Exploits: 0 | References: 5

NVD
added 2018/06/11 9:29 p.m. | 21 views

CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01522
Exploits: 0 | References: 4

OSV
added 2018/06/11 9:29 p.m. | 4 views

CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.01522
Exploits: 0 | References: 4

NVD
added 2018/06/11 9:29 p.m. | 20 views

CVE-2017-5384

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

CVSS: 5.9 | AI score: 4.9 | EPSS: 0.01521
Exploits: 1 | References: 5

NVD
added 2018/06/11 9:29 p.m. | 18 views

CVE-2016-9071

Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...

CVSS: 5.3 | AI score: 4.5 | EPSS: 0.01905
Exploits: 0 | References: 4