8 matches found
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
Exploit for Improper Input Validation in Microsoft
monikerlinktest cve-2024-21413 1. set up tun0 on router via o...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module.
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2024-31489
AAn improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...
PT-2021-7020 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the implementation of the Datagram TLS DTLS protocol...
Code injection
The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service device reload by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505...
CVE-2015-0771
The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service device reload by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505...