
7690 matches found

CVE
added 2017/09/13 5:00 p.m. · 56 views

CVE-2017-14419

CVE-2017-14419 affects the D-Link DIR-850L NPAPI extension used with REV A (FW114WWb07_h2ab_beta1) and REV B (FW208WWb02). The issue is that this NPAPI component participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, in addition to an existing TCP relay for HTTPS. CN...

CVSS 5.9 · AI score 6.6 · EPSS 0.00834
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2017/09/13 5:00 p.m. · 60 views

CVE-2017-14422

The CVE-2017-14422 entry applies to D-Link DIR-850L REV. A (firmware FW114WWb07_h2ab_beta1) and REV. B (FW208WWb02). The root cause is a hardcoded private key in /etc/stunnel.key across installations, which could allow remote attackers to bypass HTTPS protection by exploiting knowledge of that ke...

CVSS 7.5 · AI score 8 · EPSS 0.01288
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2017/09/13 12:00 a.m. · 5 views

PT-2017-13466 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the use of a hardcoded private key in the /etc/stunnel.key file across different installations,...

CVSS 7.5 · AI score 7.5 · EPSS 0.01288
Exploits: 1 · References: 2
RedHat Linux
added 2017/09/12 3:41 a.m. · 5 views

chromium-browser: potential https downgrade during redirect navigation

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could...

CVSS 6.5 · AI score 7.4 · EPSS 0.01127
Exploits: 0 · References: 5
Malwarebytes
added 2017/09/11 7:53 p.m. · 45 views

A week in security (September 4 – September 10)

Last week, we looked into expired domain names being used for malvertising, delved into dubious Facebook apps, and checked out Chinese seminar scams. We also explained the whys and wherefores of false positives, explained what Google is doing with HTTPs, warned you away from a fake DHS email, and...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2017/09/08 12:00 a.m. · 39 views

EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1186)

According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...

CVSS 5.8 · AI score 7 · EPSS 0.03269
Exploits: 1 · References: 2
Malwarebytes
added 2017/09/07 3:36 p.m. · 179 views

Google reminds website owners to move to HTTPS before October deadline

With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields—like contact forms and search bars—and all HTTP websites viewed in Incognito mode as "NOT SECURE" in the address bar. The company has started sending out warning emails to web...

AI score 6.7
Exploits: 0
Tenable Nessus
added 2017/09/07 12:00 a.m. · 99 views

Google Chrome < 61.0.3163.79 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 61.0.3163.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 201709stable-channel-update-for-desktop advisory. - Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, a...

CVSS 8.8 · AI score 8 · EPSS 0.26331
Exploits: 0 · References: 22
OpenVAS
added 2017/09/07 12:00 a.m. · 25 views

Google Chrome Security Updates (stable-channel-update-for-desktop-2017-09) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 8.8 · AI score 6.6 · EPSS 0.26331
Exploits: 0 · References: 2
RedhatCVE
added 2017/09/06 8:23 a.m. · 42 views

CVE-2017-5120

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could...

CVSS 6.5 · AI score 1.2 · EPSS 0.01127
Exploits: 0 · References: 2
ArchLinux
added 2017/09/06 12:00 a.m. · 34 views

[ASA-201709-1] chromium: multiple issues

Arch Linux Security Advisory ASA-201709-1 ========================================= Severity: Critical Date : 2017-09-06 CVE-ID : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 Package : chromium Type :...

CVSS 8.8 · AI score 0.7 · EPSS 0.26331
Exploits: 0 · References: 22
OSV
added 2017/09/03 7:29 p.m. · 5 views

CVE-2017-14116

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 an...

CVSS 8.1 · AI score 5.8 · EPSS 0.03342
Exploits: 1 · References: 3
Prion
added 2017/09/03 7:29 p.m. · 16 views

Code injection

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 an...

CVSS 9.3 · AI score 8 · EPSS 0.03342
Exploits: 1 · References: 3 · Affected Software: 1
Prion
added 2017/09/01 9:29 p.m. · 12 views

Design/Logic Flaw

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVSS 5 · AI score 7.4 · EPSS 0.01845
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2017/09/01 9:29 p.m. · 19 views

CVE-2017-14053

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVSS 7.5 · AI score 7.4 · EPSS 0.01845
Exploits: 0 · References: 1
CVE
added 2017/09/01 9:00 p.m. · 50 views

CVE-2017-14053

Affected product / component: NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1. Vulnerability: HTTPS session cookies do not have the secure flag set for an unspecified cookie, enabling potential cookie capture by intercepting transmission within an HTTP session. Root cause (...

CVSS 7.5 · AI score 7.4 · EPSS 0.01845
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2017/09/01 1:29 p.m. · 43 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

CVSS 5.9 · AI score 5.4 · EPSS 0.00875
Exploits: 0 · References: 1
UbuntuCve
added 2017/09/01 1:29 p.m. · 22 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

CVSS 5.9 · AI score 6.2 · EPSS 0.00875
Exploits: 0 · References: 2
ATTACKERKB
added 2017/09/01 1:29 p.m. · 4 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

CVSS 5.9 · AI score 5.5 · EPSS 0.00875
Exploits: 0 · References: 2
OSV
added 2017/09/01 1:29 p.m. · 29 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

CVSS 5.9 · AI score 6.3
Exploits: 0 · References: 1