7690 matches found
CVE-2017-14419
CVE-2017-14419 affects the D-Link DIR-850L NPAPI extension used with REV A (FW114WWb07_h2ab_beta1) and REV B (FW208WWb02). The issue is that this NPAPI component participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, in addition to an existing TCP relay for HTTPS. CN...
CVE-2017-14422
The CVE-2017-14422 entry applies to D-Link DIR-850L REV. A (firmware FW114WWb07_h2ab_beta1) and REV. B (FW208WWb02). The root cause is a hardcoded private key in /etc/stunnel.key across installations, which could allow remote attackers to bypass HTTPS protection by exploiting knowledge of that ke...
PT-2017-13466 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the use of a hardcoded private key in the /etc/stunnel.key file across different installations,...
chromium-browser: potential https downgrade during redirect navigation
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could...
A week in security (September 4 – September 10)
Last week, we looked into expired domain names being used for malvertising, delved into dubious Facebook apps, and checked out Chinese seminar scams. We also explained the whys and wherefores of false positives, explained what Google is doing with HTTPs, warned you away from a fake DHS email, and...
EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1186)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...
Google reminds website owners to move to HTTPS before October deadline
With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields—like contact forms and search bars—and all HTTP websites viewed in Incognito mode as "NOT SECURE" in the address bar. The company has started sending out warning emails to web...
Google Chrome < 61.0.3163.79 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 61.0.3163.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 201709stable-channel-update-for-desktop advisory. - Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, a...
Google Chrome Security Updates (stable-channel-update-for-desktop-2017-09) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2017-5120
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could...
[ASA-201709-1] chromium: multiple issues
Arch Linux Security Advisory ASA-201709-1 ========================================= Severity: Critical Date : 2017-09-06 CVE-ID : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 Package : chromium Type :...
CVE-2017-14116
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 an...
Code injection
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 an...
Design/Logic Flaw
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2017-14053
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2017-14053
Affected product / component: NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1. Vulnerability: HTTPS session cookies do not have the secure flag set for an unspecified cookie, enabling potential cookie capture by intercepting transmission within an HTTP session. Root cause (...
CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...