Information disclosure
Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."...
CVE-2016-0125
CVE-2016-0125 affects Microsoft Edge, which mishandles the Referer policy, causing an information disclosure vulnerability that could expose a user’s request context or browsing history. Affected products include Microsoft Edge (and related IE components) with the root cause described as imprope...
More than 1 Million Websites Install Free SSL Certificate (and Counting...)
Let's Encrypt has achieved another big milestone by issuing 1 million free Transport Layer Security (TLS/SSL) certificates to webmasters who wish to secure the communications between their users and domains. Let's Encrypt – operated by the Internet Security Research Group (ISRG) – is an absolutely...
About the security content of Apple Software Update 2.2
This document describes the security content of Apple Software Update 2.2. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or...
Cisco Web Security Appliance HTTPS Packet Processing DoS (cisco-sa-20160302-wsa)
According to its self-reported version, the remote Cisco Web Security Appliance (WSA) is affected by a denial of service vulnerability in the web proxy framework due to improper processing of HTTPS packets. An unauthenticated, remote attacker can exploit this vulnerability, via a malformed HTTPS...
Cisco Web Security Appliance HTTPS Packet Handling Denial of Service Vulnerability
The Cisco Web Security Appliance is a secure Web gateway that integrates malware protection, application visualization control, policy control, and more in one platform. A security vulnerability exists in the Web proxy framework of the Cisco Web Security Appliance (WSA) that stems from not properly...
Cisco WSA HTTPS Packet Processing Denial of Service Vulnerability
Cisco WSA Software is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Fedora 22 : shellinabox-2.19-1.fc22 (2015-463143720f)
Added support for middle-click paste. Improved iOS support. New logic to enable soft keyboard icon. Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400). Note that Tenable Network Security has extracted the preceding description block...
Fedora 23 : shellinabox-2.19-1.fc23 (2015-1c773e8702)
Added support for middle-click paste. Improved iOS support. New logic to enable soft keyboard icon. Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400). Note that Tenable Network Security has extracted the preceding description block...
Fedora 22 : mediawiki-1.25.3-1.fc22 (2015-24fe8b66c9)
https://www.mediawiki.org/wiki/Releasenotes/1.25MediaWiki1.25.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...
Hardcoded credentials
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840...
CVE-2016-1288
CVE-2016-1288 affects Cisco Web Security Appliance (WSA) via the HTTPS Proxy/HTTPS packet handling. Cisco AsyncOS prior to 8.5.3-051 and 9.x prior to 9.0.0-485 are vulnerable to a DoS when an unauthenticated remote attacker sends a malformed HTTPS request, causing service outages. The issue stems...
CVE-2016-0703 OpenSSL DROWN vulnerability security notification - vulnerability warning - the black bar safety net
In a security bulletin released yesterday, OpenSSL disclosed a new high-risk vulnerability, "DROWN" (the "drowned" vulnerability). Through this vulnerability, an attacker can initiate a "man-in-the-middle hijacking attack" to steal HTTPS-encrypted session content, including Yahoo!, Alibab...
acea.net XSS vulnerability
Vulnerable URL: http://www.acea.net/?domain=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description| Value
---|---
Patched:| Yes, at 03.03.2016
Latest check for patch:| 03.03.2016 01:57 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...

DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack
Researchers revealed a massive transport layer security (TLS) vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...
DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk
A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer (SSLv2). Dubbed DROWN, the highly critical security hole in OpenS...
Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)
The remote Cisco IOS XE device is missing a vendor-supplied security patch, and its web user interface is configured to use HTTPS. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library: - An error exists in the ssl3_read_bytes function that could allow data to ...
model-trains-universe.com Open Redirect vulnerability
Vulnerable URL: http://www.model-trains-universe.com/adserver/www/delivery/ck.php?oaparams=2bannerid=58zoneid=5cb=00cb6d34edoadest=https://xssposed.org/

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 26.07.2017
Vulnerability type:| Open Redirect
Vulnerability status:|...

Kaspersky Internet Security HTTPS Inspection Insecure Certificate Validation
A code execution vulnerability has been reported in Kaspersky Internet Security. This vulnerability is due to improper validation of a temporary certificate name. A remote, unauthenticated attacker can exploit this vulnerability by sending the user a crafted certificate, potentially leading to a...