
7686 matches found

The Hacker News
added 2015/04/25 1:36 a.m., 15 views

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers

A critical vulnerability residing in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle (MITM) attacks. AFNetworking is a popular open-source code library that lets developers drop networking capabilities into...

6.6 AI score
Exploits: 0

ThreatPost
added 2015/04/21 2:43 p.m., 12 views

NetNanny Found Using Shared Private Key, Root CA

An issue with the content-control software NetNanny could open users’ systems up to man-in-the-middle (MiTM) attacks, HTTPS spoofing and intercept, researchers warned Monday. First released in 1995, the internet filtering service is primarily used by parents to control their children’s online...

0.4 AI score
Exploits: 0

The Hacker News
added 2015/04/20 2:55 a.m., 15 views

How to Disable Mixed Content Security Warning in Google Chrome

If you are really upset with the Chrome browser's warnings that your HTTPS-enabled website contains unsecured third-party content, warnings that sometimes force your users to close the tab, Google has solved this problem for you. With the release of the next version of Google's popular browser, Chrome 43, it m...

6.6 AI score
Exploits: 0

CERT
added 2015/04/20 12:0 a.m., 14 views

NetNanny uses a shared private key and root CA

Overview: NetNanny uses a shared private key and root Certificate Authority (CA), making systems broadly vulnerable to HTTPS spoofing. Description: NetNanny installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The certificate used by NetNanny is shared among all...

6.8 AI score
Exploits: 0, References: 2

The Hacker News
added 2015/04/19 10:7 p.m., 11 views

Google Moving Its Ad Services to Fully Encrypted Platform

Encryption is one of the major steps to be taken by every big technology giant in order to protect its users over the Internet, and, among those, Google has set an admirable example by gradually moving all of its online services to use strong HTTPS encryption. So far, Google encrypted email by...

6.7 AI score
Exploits: 0

Debian CVE
added 2015/04/19 10:0 a.m., 31 views

CVE-2015-1247

Removed by vendor...

5 CVSS, 9.6 AI score, 0.01406 EPSS
Exploits: 0

myhack58
added 2015/04/18 12:0 a.m., 20 views

Is this a vulnerability? Researcher says the login page of Match, the world's largest dating site, does not use HTTPS

American researcher Scott Bryner pointed out that the login page of Match.com, the world's largest dating website, redirects from HTTPS to HTTP for no apparent reason, which means that user passwords are transmitted without the protection of encryption, and that this problem has been there for weeks without anyone paying attention...

6.9 AI score
Exploits: 0

ThreatPost
added 2015/04/17 11:42 a.m., 15 views

Google Moving Toward Encrypted Ad Services

Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well...

0.2 AI score
Exploits: 0, References: 3

UbuntuCve
added 2015/04/10 2:59 p.m., 18 views

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS, 5.9 AI score, 0.02183 EPSS
Exploits: 0, References: 2

OSV
added 2015/04/10 2:59 p.m., 1 views

UBUNTU-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS, 5.8 AI score, 0.02183 EPSS
Exploits: 0, References: 3

OSV
added 2015/04/10 2:59 p.m., 3 views

DEBIAN-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS, 6.4 AI score, 0.02183 EPSS
Exploits: 0, References: 1

CVE
added 2015/04/10 2:0 p.m., 73 views

CVE-2013-7436

The CVE concerns noVNC prior to version 0.5, where the secure flag for cookies was not set during HTTPS sessions, enabling cookie interception across HTTP. Affected software: noVNC pre-0.5. Impact: confidentiality risk via session cookies exposed to MITM in mixed HTTP/HTTPS contexts. Public refer...

4.3 CVSS, 6.3 AI score, 0.02183 EPSS
Exploits: 0, References: 8, Affected Software: 1

Cvelist
added 2015/04/10 2:0 p.m., 19 views

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.2 AI score, 0.02183 EPSS
Exploits: 0, References: 8

Debian CVE
added 2015/04/10 2:0 p.m., 21 views

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS, 6.3 AI score, 0.02183 EPSS
Exploits: 0

CNVD
added 2015/04/09 12:0 a.m., 3 views

Red Hat docker HTTP degradation vulnerability

Docker is an open-source application container engine that allows developers to package their applications, as well as dependency packages, into a portable container that can then be distributed to any popular Linux machine, as well as virtualized. Red Hat docker package with the --add-registry...

4.3 CVSS, 7 AI score, 0.01618 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2015/04/09 12:0 a.m., 46 views

openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290)

Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox : - Miscellaneou...

7.5 CVSS, 8.2 AI score, 0.67465 EPSS
Exploits: 4, References: 28

OPENSUSE Linux
added 2015/04/08 11:4 a.m., 40 views

Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)

Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox: Miscellaneous...

7.5 CVSS, 0.1 AI score, 0.67465 EPSS
Exploits: 4, References: 13

Debian CVE
added 2015/04/06 3:0 p.m., 25 views

CVE-2015-1843

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...

4.3 CVSS, 7.7 AI score, 0.01618 EPSS
Exploits: 0

OpenVAS
added 2015/04/06 12:0 a.m., 33 views

Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox";...

7.5 CVSS, 9.3 AI score, 0.67465 EPSS
Exploits: 4, References: 10

OpenVAS
added 2015/04/06 12:0 a.m., 48 views

Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox";...

7.5 CVSS, 9.3 AI score, 0.67465 EPSS
Exploits: 4, References: 11