On February 20, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory detailing a certificate validation vulnerability in the Medixant RadiAnt DICOM Viewer. This vulnerability, tracked as CVE-2025-1001, poses a potential risk where attackers might exploit the...
Original release date: March 16, 2017
Systems Affected
All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected.
Overview
Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS...
Original release date: May 23, 2016
Systems Affected
Windows, OS X, Linux systems, and web browsers with WPAD enabled
Overview
Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching...
attack
collision
configuration
dns
enterprise
gtld
internal
linux
mitm
network
os x
proxy
public dns
recommendations
security
traffic
vulnerability
web browsers
windows
wpad
Severity Rating: Important
Revision Note: V1.0 (May 10, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and...
Revision Note: V1.0 (May 10, 2016): Advisory published.
Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
Revision Note: V1.0 (May 10, 2016): Advisory published.
Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
advisory
application data
cipher suites
client
downgrade attacks
encryption
falsestart
microsoft
mitm
network security
protocol
records
revision note
security
server
technet
tls
update
version 1.0
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate...
attack
bulletin
client
cybersecurity
important
microsoft
mitm
ms15-121
november 2015
patch
revision
schannel
security
server
spoofing
update
vulnerability
windows
Severity Rating: Important
Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information.
Summary: Microsoft is aware of a security feature bypass vulnerability in Secure...
Original release date: February 20, 2015
Systems Affected
Lenovo consumer PCs that have Superfish VisualDiscovery installed and potentially others.
Overview
Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an...
Original release date: October 17, 2014
Systems Affected
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...