Vulnerability & Exploit Database

Displaying entries 1 - 10 of 23 in total

Results for: CVE-2014-1582 Back to search

SUSE: CVE-2014-1582: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: October 15, 2014

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an ...

Oracle Solaris 11: CVE-2014-1582: Vulnerability in Firefox Vulnerability

  • Severity: 4
  • Published: October 15, 2014

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an ...

MFSA2014-80 SeaMonkey: Key pinning bypasses (CVE-2014-1582) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an ...

Gentoo Linux: CVE-2014-1582: Mozilla Products: Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: October 15, 2014

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an ...

USN-2372-1: Firefox vulnerabilities Vulnerability

  • Severity: 8
  • Published: October 14, 2014

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

MFSA2014-80 Firefox: Key pinning bypasses (CVE-2014-1582) Vulnerability

  • Severity: 4
  • Published: October 14, 2014

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an ...

FreeBSD: mozilla -- multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 8
  • Published: October 14, 2014

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

DSA-2880-1 python2.7 -- security update Vulnerability

  • Severity: 8
  • Published: February 28, 2014

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

VMSA-2014-0012: Update to ESXi Python package (CVE-2013-4238) Vulnerability

  • Severity: 4
  • Published: August 17, 2013

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Author...

USN-1985-1: Python 3.3 vulnerabilities Vulnerability

  • Severity: 4
  • Published: August 17, 2013

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Author...