Lucene search
+L

1359 matches found

CVE
CVE
added 2017/02/01 8:0 p.m.63 views

CVE-2016-0297

CVE-2016-0297 affects IBM Tivoli Endpoint Manager (Mobile Device Management). The root cause is a missing HTTP Strict-Transport-Security header, which could enable man-in-the-middle attackers to obtain sensitive information. The provided documents do not specify affected versions, exploit details...

4.3CVSS4.8AI score0.0093EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/02/01 8:0 p.m.26 views

CVE-2016-8966

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.4AI score0.01227EPSS
Exploits0References2
Nmap
Nmap
added 2016/12/30 2:25 p.m.4663 views

http-hsts-verify NSE Script

Verify that HTTP Strict Transport Security is enabled. HTTP Strict-Transport-Security HSTS RFC 6797 forces a web browser to communicate with a web server over HTTPS. This script examines HTTP Response Headers to determine whether HSTS is configured. References:...

7.2AI score
Exploits0
CNVD
CNVD
added 2016/12/29 12:0 a.m.3 views

Multiple IBM Security Access Manager Product Information Disclosure Vulnerabilities

IBM Security Access Manager ISAM and others are products of IBM Corporation in the U.S. ISAM is a security access manager; IBM Security Access Manager for Web is a solution that provides mobile access security through a modular software package. An information disclosure vulnerability exists in a...

5.9CVSS6.1AI score0.01227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2016/12/20 12:0 a.m.10 views

PT-2016-3150 · Apache +5 · Apache Http Server +5

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.2.32 and 2.4.25 Description: The issue is related to the improper handling of data by the Apache HTTP Server, which was liberal in accepting whitespace from requests and sending it in response lines and...

8.1CVSS6.5AI score0.7907EPSS
Exploits8References132
OSV
OSV
added 2016/12/08 9:59 p.m.7 views

CVE-2015-8967

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access...

7.8CVSS6.5AI score
Exploits0References8
Prion
Prion
added 2016/12/08 9:59 p.m.16 views

Design/Logic Flaw

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access...

9.3CVSS6.8AI score0.00833EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2016/12/08 12:0 a.m.30 views

CVE-2015-8967

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access...

9.3CVSS7.1AI score0.00833EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2016/11/09 12:0 a.m.1366 views

HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy)

According to its banner, the version of HP System Management Homepage SMH hosted on the remote web server is prior to 7.6. It is, therefore, affected by the following vulnerabilities : - A heap buffer overflow condition exists in OpenSSL in the EVPEncodeUpdate function within file...

9.8CVSS8.4AI score0.89058EPSS
Exploits18References28
Hacker One
Hacker One
added 2016/10/26 5:10 p.m.18 views

Sucuri: [backups*.sucuri.net] CRLF Injection

Hi, I found the same vulnerability like in 144769 But in this case, the exploitation is more complicated due to the fact being used Strict-Transport-Security. Exploitation is only possible if the user had not previously visited site backups.sucuri.net before. PoC any browser except FireFox:...

0.1AI score
Exploits0
CNVD
CNVD
added 2016/10/25 12:0 a.m.4 views

IBM Security Guardium Database Activity Monitor Man-in-the-Middle Attack Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. IBM Security Guardium Database Activity Monitor suffers from a...

4.3CVSS6.6AI score0.0103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2016/10/22 3:59 a.m.2 views

CVE-2016-0240

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...

4.3CVSS5AI score0.0103EPSS
Exploits0References3
CNVD
CNVD
added 2016/10/16 12:0 a.m.4 views

IBM Sterling Secure Proxy Configuration Manager Information Disclosure Vulnerability

IBM Sterling Secure Proxy SSP is an unprotected zone DMZ-based application proxy from IBM USA that protects file transfers from the public Internet.Configuration Manager is one of the configuration management components. An information disclosure vulnerability exists in Configuration Manager in I...

6.1CVSS6.2AI score0.00808EPSS
Exploits0References1
OSV
OSV
added 2016/10/06 10:59 a.m.3 views

CVE-2016-6027

The Configuration Manager in IBM Sterling Secure Proxy SSP 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP...

6.1CVSS5.8AI score0.00808EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/09/19 12:0 a.m.3 views

The vulnerability of Google Chrome’s browser allows a hacker to determine which website was visited using an HSTS connection.

The vulnerability of the CSPSource::schemeMatches function WebKit/Source/core/frame/csp/CSPSource.cpp in the CSP component of the Blink browser Google Chrome is related to errors in applying security policies designed for http and ws protocols to secure https and wss protocols. Exploiting this...

4.3CVSS6.8AI score0.01283EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2016/08/22 12:0 a.m.245 views

SSL/TLS: HTTP Strict Transport Security (HSTS) Detection

Checks if the remote web server has HTTP Strict Transport Security HSTS enabled. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References5
OpenVAS
OpenVAS
added 2016/08/22 12:0 a.m.51 views

SSL/TLS: `preload` Missing in HSTS Header

The remote web server is missing the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105878";...

7.5AI score
Exploits0References6
OpenVAS
OpenVAS
added 2016/08/22 12:0 a.m.10 views

SSL/TLS: `includeSubDomains` Missing in HSTS Header

The remote web server is missing the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105877";...

7.5AI score
Exploits0References5
OpenVAS
OpenVAS
added 2016/08/22 12:0 a.m.32 views

SSL/TLS: HTTP Strict Transport Security (HSTS) Missing

The remote web server is not enforcing HTTP Strict Transport Security HSTS. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2016/08/01 1:54 p.m.13 views

Google Adds New Layer of Security to Domain: Adds HSTS

Google is adding HTTP Strict Transport Security or HSTS to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection. By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS...

7AI score
Exploits0References8
Rows per page
Query Builder