17 matches found
K000148689: Qt vulnerability CVE-2023-32762
Security Advisory Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the Strict-Transport-Security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the...
CVE-2024-9681 HSTS subdomain overwrites parent cache entry
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
GLSA-202402-21 : QtNetwork: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-21 QtNetwork: Multiple Vulnerabilities - An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the Strict-Transport-Security (HSTS) header, allowin...
CVE-2023-4342
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy...
SUSE-SU-2023:3225-1 Security update for qt6-base
This update for qt6-base fixes the following issues: - CVE-2023-34410: Fixed certificate validation not always considering whether the root of a chain is a configured CA certificate (bsc#1211994). - CVE-2023-33285: Fixed a buffer overflow in QDnsLookup (bsc#1211642). - CVE-2023-32762: Fixed Qt Network...
Insecure Handling Of Strict-Transport-Security Header
qt6-qtbase is vulnerable to insecure handling of the Strict-Transport-Security header. The vulnerability occurs because Qt Network incorrectly parses the Strict-Transport-Security (HSTS) header, which can result in unencrypted connections being established even when the server explicitly prohibits them...
CVE-2023-32762
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the Strict-Transport-Security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...
CVE-2019-4326
The CVE-2019-4326 entry concerns HCL AppScan Enterprise: the security rules update administration section of the web application console lacks the HTTP Strict-Transport-Security (HSTS) header. The affected component is the admin/service console for AppScan Enterprise; the underlying issue is missing HSTS...
CVE-2017-7789
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox 55...
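The Qt, Firefox and curl entries above are three ways a client can get HSTS processing wrong: matching directive names case-sensitively, discarding the policy when two STS fields arrive, and letting a subdomain's entry clobber its parent's cache entry. The block below is an added reference implementation of the behaviour RFC 6797 actually specifies; it is not code from Qt, curl, Firefox or any of the advisories listed here. Directive names are compared case-insensitively, only the first STS field in a response is processed, the header is ignored over plain HTTP, and the known-host store is keyed by exact host so a subdomain's expiry never touches its parent. The host names, max-age values and the injectable clock are constructed test input, and treating includeSubDomains-with-a-value as invalid is this example's strictness choice, not a requirement quoted from the page.

```python
"""Reference HSTS (RFC 6797) header parsing and known-host caching.

Constructed example for this page; not Qt, curl or Firefox code.
"""
import re
import time
from typing import Callable, Dict, List, Optional, Set, Tuple

# directive = token [ "=" ( token / quoted-string ) ]  (RFC 6797 section 6.1)
_DIRECTIVE_RE = re.compile(
    r"^\s*([!#$%&'*+.^_`|~0-9A-Za-z-]+)\s*"
    r"(?:=\s*(\"(?:[^\"\\]|\\.)*\"|[^\s;\"]*))?\s*$"
)

Policy = Tuple[int, bool]  # (max_age_seconds, include_subdomains)


def parse_hsts(value: str) -> Optional[Policy]:
    """Parse one Strict-Transport-Security field value.

    Returns (max_age, include_subdomains) or None when the field is invalid
    and must be ignored. Directive names are case-insensitive and each may
    appear at most once; unknown directives are skipped (RFC 6797 6.1).
    """
    max_age: Optional[int] = None
    include_sub = False
    seen: Set[str] = set()
    for raw in value.split(";"):
        if not raw.strip():
            continue  # tolerate a trailing or doubled ';'
        m = _DIRECTIVE_RE.match(raw)
        if not m:
            return None
        name = m.group(1).lower()  # 'MAX-AGE', 'Max-Age', 'max-age' are equal
        arg = m.group(2)
        if name in seen:
            return None  # duplicate directive -> whole field invalid
        seen.add(name)
        if name == "max-age":
            if arg is None:
                return None
            digits = arg.strip('"')  # quoted-string form is legal
            if not digits.isdigit():
                return None
            max_age = int(digits)
        elif name == "includesubdomains":
            if arg is not None:
                return None  # valueless directive; a value is rejected here
            include_sub = True
    if max_age is None:
        return None  # max-age is REQUIRED
    return max_age, include_sub


def select_hsts_header(headers: List[Tuple[str, str]], over_tls: bool) -> Optional[Policy]:
    """Pick the STS policy a response conveys.

    RFC 6797 8.1: STS received over plain HTTP is ignored, and when several
    STS fields are present only the first is processed. Rejecting the whole
    response because two fields appear leaves the host with no protection.
    """
    if not over_tls:
        return None
    for name, val in headers:
        if name.lower() == "strict-transport-security":
            return parse_hsts(val)
    return None


class HSTSCache:
    """Known-HSTS-host store keyed by exact, lower-cased host name.

    A subdomain's policy lives under its own key, so its expiry can neither
    shorten nor extend the parent domain's entry.
    """

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now  # injectable clock so expiry can be tested
        self._entries: Dict[str, Tuple[float, bool]] = {}

    def note_response(self, host: str, headers: List[Tuple[str, str]], over_tls: bool) -> None:
        host = host.lower().rstrip(".")
        policy = select_hsts_header(headers, over_tls)
        if policy is None:
            return
        max_age, include_sub = policy
        if max_age == 0:
            self._entries.pop(host, None)  # max-age=0 means forget this host
            return
        self._entries[host] = (self._now() + max_age, include_sub)

    def must_upgrade(self, host: str) -> bool:
        """True if http:// to this host must be rewritten to https://."""
        host = host.lower().rstrip(".")
        now = self._now()
        labels = host.split(".")
        # exact match first, then each parent that set includeSubDomains
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None or entry[0] <= now:
                continue
            if i == 0 or entry[1]:
                return True
        return False


if __name__ == "__main__":
    cache = HSTSCache()
    cache.note_response("example.com", [("Strict-Transport-Security", "MAX-AGE=31536000; includeSubDomains")], True)
    cache.note_response("sub.example.com", [("Strict-Transport-Security", "max-age=5")], True)
    print(cache.must_upgrade("other.example.com"))  # parent policy applies
```

Run against a captured response by feeding the header list and a flag saying whether the response came over TLS; a None from `select_hsts_header` is exactly the "missing HSTS header" finding that several of the entries on this page report.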
How to harden AdwCleaner’s web backend using PHP
More and more applications are moving from desktop to the web, where they are particularly exposed to security risks. They are often tied to a database backend, and thus need to be properly secured, even though most of the time they are designed to restrict access to authenticated users only. PHP...
Weblate: HttpOnly Flag not set
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this application then the cookie will be accessible and can be transmitted to another site. HTTP/1.1 200 OK Server: nginx Date: Wed, 26 Apr 2017 08:27:17...
CVE-2016-0297
CVE-2016-0297 affects IBM Tivoli Endpoint Manager (Mobile Device Management). The root cause is a missing HTTP Strict-Transport-Security header, which could enable man-in-the-middle attackers to obtain sensitive information. The provided documents do not specify affected versions, exploit details...
Sucuri: [backups*.sucuri.net] CRLF Injection
Hi, I found the same vulnerability like in 144769 But in this case, the exploitation is more complicated due to the fact that Strict-Transport-Security is being used. Exploitation is only possible if the user had not previously visited the site backups.sucuri.net. PoC (any browser except Firefox):...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the Strict-Transport-Security (HSTS) header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...