Lucene search
+L

1359 matches found

ThreatPost
ThreatPost
added 2015/06/10 11:47 a.m.118 views

Microsoft Brings HSTS to Windows 7 and 8.1

In the midst of a relatively light Patch Tuesday, Microsoft yesterday introduced an extra measure of security for users running Internet Explorer 11 on Windows 7 and Windows 8.1 machines: HSTS. Short for HTTP Strict Transport Security, HSTS is a browser header that forces any sessions sent over...

9.3CVSS8.3AI score0.99945EPSS
Exploits33References5
Positive Technologies
Positive Technologies
added 2015/05/04 12:0 a.m.3 views

PT-2015-6227 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.1.2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via a crafted character in a comment, potentially affecting WordPress installations that use MySQL without strict mode. Th...

4.3CVSS6.3AI score0.17945EPSS
Exploits3References30
Tenable Nessus
Tenable Nessus
added 2015/04/29 12:0 a.m.34 views

Debian DSA-3238-1 : chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-fr...

7.5CVSS8.7AI score0.02702EPSS
Exploits3References34
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the integrity and accessibility of protected information.

The vulnerability of the selinux-policy-strict-2.4.6 package of the Red Hat Enterprise Linux operating system can lead to a breach of the integrity and accessibility of protected information. This vulnerability can be exploited remotely...

6.4CVSS6.6AI score0.95182EPSS
Exploits21References2
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.6 views

Vulnerabilities of the Debian GNU/Linux operating system, which allow a remote attacker to compromise the integrity and accessibility of protected information

The multiple vulnerabilities in the selinux-policy-refpolicy-strict package of the Debian GNU/Linux operating system may lead to a violation of the integrity and accessibility of protected information. These vulnerabilities can be exploited remotely...

6.4CVSS6.6AI score0.95182EPSS
Exploits21References3Affected Software1
Debian
Debian
added 2015/04/27 2:41 a.m.91 views

[SECURITY] [DSA 3238-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...

7.5CVSS0.5AI score0.02702EPSS
Exploits3
OpenVAS
OpenVAS
added 2015/04/26 12:0 a.m.34 views

Debian Security Advisory DSA 3238-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free iss...

7.5CVSS0.3AI score0.02702EPSS
Exploits3References1
OSV
OSV
added 2015/04/26 12:0 a.m.35 views

DSA-3238-1 chromium-browser - security update

Bulletin has no description...

7.5CVSS8.1AI score0.02702EPSS
Exploits3
OpenVAS
OpenVAS
added 2015/04/25 12:0 a.m.29 views

Debian: Security Advisory (DSA-3238-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.02702EPSS
Exploits3References3
OSV
OSV
added 2015/04/19 12:0 a.m.3 views

UBUNTU-CVE-2015-1244

The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...

5CVSS7.3AI score0.01445EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2015/04/16 8:33 a.m.5 views

chromium-browser: HSTS bypass in WebSockets

The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...

5CVSS7.4AI score0.01445EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/04/16 12:0 a.m.32 views

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attacke...

7.5CVSS8.9AI score0.02702EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2015/04/16 12:0 a.m.35 views

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers...

7.5CVSS8.9AI score0.02702EPSS
Exploits1References26
ArchLinux
ArchLinux
added 2015/04/14 12:0 a.m.44 views

ruby: permissive certificate verification

After reviewing RFC 6125 and RFC 5280, multiple violations were found of matching hostnames and particularly wildcard certificates. Rubys OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching ...

4.7CVSS1.6AI score0.02815EPSS
Exploits0References3
RubySec
RubySec
added 2015/04/13 12:0 a.m.38 views

Ruby OpenSSL Hostname Verification

After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching o...

5.9CVSS1.7AI score0.02815EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2015/04/13 12:0 a.m.54 views

Ruby -- OpenSSL Hostname Verification Vulnerability

Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. I...

5.9CVSS6.4AI score0.02815EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/04/10 2:0 p.m.23 views

CVE-2015-1090

CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security HSTS state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file...

4.8AI score0.01485EPSS
Exploits0References4
Hacker One
Hacker One
added 2015/03/12 4:34 p.m.23 views

itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

6.6AI score
Exploits0
OSV
OSV
added 2015/02/25 12:0 a.m.4 views

UBUNTU-CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS6.9AI score0.01052EPSS
Exploits0References6
seebug.org
seebug.org
added 2015/01/14 12:0 a.m.19 views

Mao10CMS v3.0.2 储存型xss

简要描述: rt 详细说明: 过滤不严。 以官网为例。 社区发布新话题 成功加载了js 地址 http://www.mao10.com/post-1772.html 然后用户的cookie就来了。。。 漏洞证明:...

7.1AI score
Exploits0
Rows per page
Query Builder