6 matches found
MiracleLinux 8 : bind-9.11.20-5.el8 (AXSA:2021-1277:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1277:01 advisory. bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c (CVE-2020-8619); bind: truncated TSIG response can lead to ...
Mozilla: HSTS policy on subdomain could bypass policy of upper domain
The Mozilla Foundation Security Advisory describes this flaw as: In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain...
Mozilla: HSTS policy on subdomain could bypass policy of upper domain
The Mozilla Foundation Security Advisory describes this flaw as: In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain...
Mozilla: HSTS policy on subdomain could bypass policy of upper domain
The Mozilla Foundation Security Advisory describes this flaw as: In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain...
SUSE CVE-2015-6785
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions...
update-policy rules of type "subdomain" are enforced incorrectly
...