7670 matches found
CVE-2012-3976
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page...
Symantec Endpoint Protection code execution
Multiple security vulnerabilities on TCP/8433 https request parsing...
CVE-2010-5189
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session...
Session fixation
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session...
Session fixation
Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session SSL cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2012-4592
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Session fixation
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2012-4592
CVE-2012-4592 affects the McAfee Enterprise Mobility Manager (EMM) Portal prior to 10.0. The vulnerability is that the ASP.NET session cookie is not marked as Secure in HTTPS sessions, enabling attackers to capture the cookie by intercepting its transmission over HTTP. The connected documents rep...
Moderate: Red Hat Security Advisory: mod_cluster security update
Updated mod_cluster packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...
Debian: Security Advisory (DSA-2482-1)
The remote host is missing an update for the Debian...
Scientific Linux Security Update : nss on SL4.x, SL5.x, SL6.x i386/x86_64
Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. This update renders an...
Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64
This erratum blacklists a small number of HTTPS certificates. BZ689430 After installing the update, SeaMonkey must be restarted for the changes to take effect...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling point...
Scientific Linux Security Update : thunderbird on SL4.x, SL5.x, SL6.x i386/x86_64
This erratum blacklists a small number of HTTPS certificates. BZ689430 This update also fixes the following bug : - Previous security updates introduced a regression, preventing some Java content and plug-ins written in Java from loading. With this update, the Java content and plug-ins work as...
Scientific Linux Security Update : nss on SL4.x, SL5.x, SL6.x i386/x86_64
Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token the libnssckbi.so library...
Scientific Linux Security Update : ca-certificates on SL6.x
This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI). It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates...
Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
This erratum blacklists a small number of HTTPS certificates. BZ689430 These updated firefox packages also fix the following bug: - Prior to this update, some Java applets would fail to load in the 3.6.14 version of Firefox. In this newly-released version Firefox 3.6.15, Java applets no longer...