123 matches found

OSV
added 2019/11/05 8:15 p.m., 2 views

CVE-2019-1982

A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due t...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 1

OSV
added 2019/11/05 10:15 a.m., 1 view

UBUNTU-CVE-2019-3685

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...

CVSS 7.7, AI score 7.1, EPSS 0.0018
Exploits: 1, References: 2

OSV
added 2019/07/23 11:15 p.m., 2 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

CVSS 5.9, AI score 6.5, EPSS 0.00942
Exploits: 0, References: 1

IBM Security Bulletins
added 2019/06/04 3:30 p.m., 12 views

Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP

Summary: The IBM Security Information Queue (ISIQ) web server defaults to HTTPS, but does not enforce it. This could result in users navigating to an unencrypted version of ISIQ's web application. As of ISIQ v1.0.3, HTTPS is now enforced. Vulnerability Details: CVEID: CVE-2019-4162 DESCRIPTION: IBM...

CVSS 7.5, AI score 0.4, EPSS 0.0006
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 11:48 p.m., 19 views

Security Bulletin: IBM OpenPages GRC Platform has addressed secure HTTP header improvements (CVE-2017-1290)

Summary: IBM OpenPages GRC Platform has addressed potential security exposure due to some missing secure HTTP headers. Vulnerability Details: CVEID: CVE-2017-1290 DESCRIPTION: IBM OpenPages GRC Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

CVSS 5.4, AI score 5.5, EPSS 0.00269
Exploits: 0, Affected Software: 1

OSV
added 2018/06/11 9:29 p.m., 3 views

CVE-2017-5384

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

CVSS 5.9, AI score 6.8, EPSS 0.00764
Exploits: 1, References: 5

OSV
added 2018/04/16 9:58 a.m., 0 views

UBUNTU-CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

CVSS 6.1, AI score 6.3, EPSS 0.06599
Exploits: 0, References: 6

RedHat Linux
added 2017/03/22 4:43 p.m., 3 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

CVSS 7.5, AI score 5.8, EPSS 0.13832
Exploits: 5, References: 6

CNVD
added 2017/03/22 12:0 a.m., 0 views

WebKitGTK+ Late TLS Certificate Validation Vulnerability

WebKitGTK+ is a versatile port for the WebKit rendering engine. A security vulnerability exists in the Late TLS certificate validation of WebKitGTK+. A remote attacker can exploit this vulnerability to obtain secure HTTP request information via sniffing...

CVSS 7.5, AI score 6.7, EPSS 0.00322
Exploits: 0, References: 1

Prion
added 2017/03/10 2:59 a.m., 16 views

Design/Logic Flaw

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies...

CVSS 5, AI score 7, EPSS 0.00322
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2017/03/10 2:0 a.m., 33 views

CVE-2015-2330

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies...

AI score 6.7, EPSS 0.00322
Exploits: 0, References: 6

CNVD
added 2016/10/12 12:0 a.m., 1 view

HTTPS Protocol Certificate Validation Vulnerability in AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH devices are vulnerable to HTTPS protocol certificate validation vulnerability. SyncCloudAccount.sh, QueryFromClient.s...

AI score 6.9
Exploits: 0, References: 1

Positive Technologies
added 2014/02/28 12:0 a.m., 2 views

PT-2014-2155 · Debian · Apt

Name of the Vulnerable Software and Affected Versions: apt versions prior to 0.8.11 Description: The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled. Recommendations: For...

CVSS 2.6, AI score 6, EPSS 0.00163
Exploits: 0, References: 7

OpenVAS
added 2014/01/30 12:0 a.m., 25 views

Apple iTunes Multiple Vulnerabilities (HT6001) - Windows

Apple iTunes is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes";...

CVSS 7.5, AI score 8.4, EPSS 0.21099
Exploits: 1, References: 3

RedHat Linux
added 2013/03/11 6:14 p.m., 1 view

Tomcat - Denial Of Service when using NIO+SSL+sendfile

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a...

CVSS 2.6, AI score 7.3, EPSS 0.2277
Exploits: 1, References: 4

Positive Technologies
added 2012/11/04 12:0 a.m., 4 views

PT-2012-6098 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 2.7.0 Description: The issue arises from the wsdl first https sample code in Apache CXF, which fails to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field...

CVSS 5.8, AI score 8.2, EPSS 0.00096
Exploits: 0, References: 5

OSV
added 2011/09/12 12:41 p.m., 2 views

DEBIAN-CVE-2010-4340

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack...

CVSS 4.3, AI score 6.5, EPSS 0.00185
Exploits: 0, References: 1

ThreatPost
added 2011/04/19 9:2 p.m., 7 views

Facebook Adds Two-Factor Authentication

Social networking giant Facebook announced on Tuesday that it was introducing a two-factor security feature that will make user accounts harder to hijack. The announcement was part of a group of security enhancements by Facebook that includes improved secure HTTP features and social reporting too...

AI score 0.5
Exploits: 0, References: 3

OSV
added 2010/10/14 5:58 a.m., 1 view

DEBIAN-CVE-2010-3900

Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...

CVSS 5.8, AI score 7, EPSS 0.00483
Exploits: 0, References: 1

ThreatPost
added 2010/03/17 2:39 p.m., 11 views

Zeus Trojan Now Has Hardware Licensing Scheme

The authors of the Zeus bot client, perhaps the most popular and pervasive piece of malware of its kind right now, have taken an extraordinary step to protect their creation: inserting a hardware-based licensing scheme into the Trojan. This represents a significant leap in the sophistication and...

AI score 7.5
Exploits: 0, References: 2