7685 matches found
Authentication flaw
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-5277
CVE-2014-5277 affects Docker before 1.3.1 and docker-py before 0.5.3, where fallbacks to HTTP occur if HTTPS to the registry fails. This enables man-in-the-middle downgrade attacks that can lead to exposure of authentication and image data when an attacker sits between the client and registry. Co...
CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-8950
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request...
Cross site request forgery (csrf)
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request...
CVE-2014-8950
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request...
CVE-2014-8950
The CVE-2014-8950 entry concerns Check Point Security Gateway versions R77 and R77.10. The vulnerability affects the URL Filtering and Identity Awareness blades, where an HTTPS request can trigger a denial-of-service (crash). The available documents confirm the affected product and blades, and th...
openSUSE Security Update : docker / go (openSUSE-SU-2014:1411-1)
Docker was updated to version 1.3.1 to fix two security issues and several other bugs. These security issues were fixed : - Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon and registry CVE-2014-5277. - Secure HTTPS connection to registries with certificate verification and...
iBackup 10.0.0.32 - Local Privilege Escalation
No description provided by source. Exploit Title: iBackup = 10.0.0.32 Local Privilege Escalation Date: 23/01/2014 Author: Glafkos Charalambous glafkos.charalambousatunithreat.com Version: 10.0.0.32 Vendor: IBackup Vendor URL: https://www.ibackup.com/ CVE-2014-5507 Vulnerability Details There are...
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web servers. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL ...
[SECURITY] Fedora 21 Update: Pound-2.7-0.4.d.fc21
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web servers. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL ...
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web servers. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL ...
PicsArt Photo Studio For Android Insecure Management Vulnerability
PicsArt Photo Studio for Android fails to properly validate SSL certificates from the server. Insecure management of login credentials in PicsArt Photo Studio for Android 1. Advisory Information Title: Insecure management of login credentials in PicsArt Photo Studio for Android Advisory ID:...
IBM Notes Traveler for Android transmits user credentials over HTTP
Overview The IBM Notes Traveler application for Android does not enforce the use of HTTPS for transmitting user credentials, which can allow an attacker to obtain this information. Description IBM Notes Traveler, formerly known as Lotus Notes Traveler, is an application that allows access to email,...
Hardcoded credentials
The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS...
CVE-2014-6130
The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS...
[SECURITY] [DLA 82-1] wget security update
Package : wget Version : 1.12-2.1+deb6u1 CVE ID : CVE-2014-4877 HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode agains...
DLA-82-1 wget - security update
Bulletin has no description...
DSA-3062-1 wget - security update
Bulletin has no description...