3797 matches found
CVE-2018-17192
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on...
CVE-2018-17192
CVE-2018-17192 affects Apache NiFi where the X-Frame-Options headers were inconsistently applied on HTTP responses, leading to duplicate or missing security headers and potential clickjacking. The issue is documented across multiple sources, with mitigations indicating that a fix was applied in N...
Kaspersky: URL Advisor component in KIS products family is vulnerable to Universal XSS
Summary In Microsoft Edge, URL Advisor UI is served as first-party content on every domain. So the XSS vulnerability I found in this UI automatically applies to all websites, it allows running code in the context of any domain. Description URL Advisor frame is located under...
Kaspersky: Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking
Summary Clickjacking can be used to trick users into overriding certificate warnings, disabling Safe Money functionality or phishing alerts. Description On certificate warning pages, a single click is sufficient to trigger overriding a wrong certificate. While an additional warning is displayed...
IBM Security Access Manager Clickjacking Vulnerability
IBM Security Access Manager is a product for information security management applications from IBM, USA. The product enables access management control through integrated devices for web, mobile and cloud computing. A clickjacking vulnerability exists in IBM Security Access Manager versions 9.0.1....
Mozilla Firefox 'feed preview' page clickjacking vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the embedded feed preview page in Mozilla Firefox versions prior to 64. A remote attacker can exploit this vulnerability to trick a user into downloading and...
IBM BigFix Platform Clickjacking Vulnerability
IBM BigFix Platform is a dynamic set of IBM's integrated messaging content-driven and management system multi-technology platform. A clickjacking vulnerability exists in IBM BigFix Platform versions 9.5 through 9.5.9 and 9.2 through 9.2.14, which can be exploited by remote attackers with the help...
FreeBSD : mozilla -- multiple vulnerabilities (d10b49b2-8d02-49e8-afde-0844626317af)
Mozilla Foundation reports : CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...
Cybozu Remote Service Clickjacking Vulnerability
Cybozu Remote Service is Cybozu's remote service management software for accessing Cybozu's internal systems. A security vulnerability exists in the client certificates management page in Cybozu Remote Service versions 3.0.0 through 3.1.8. The vulnerability can be exploited to trick users into...
Mozilla Firefox < 64.0
The version of Firefox installed on the remote Windows host is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-29 advisory. - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a ra...
Security vulnerabilities fixed in Firefox 64 — Mozilla
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...
Multiple vulnerabilities in Cybozu Remote Service
Overview Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Directory traversal in used device management screen CWE-22 - CVE-2018-16170 Directory traversal in client certificates...
JVN#23161885: Multiple vulnerabilities in Cybozu Remote Service
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
IBM i2 Enterprise Insight Analysis Clickjacking Vulnerability
IBM i2 Enterprise Insight Analysis is a suite of data analytics and integration solutions from IBM USA. The product is characterized by interoperability and scalability. A clickjacking vulnerability exists in IBM i2 Enterprise Insight Analysis version 2.1.7, which can be exploited by remote...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 and Touch HD 12 Web Applications
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
CVE-2018-6909
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...
Design/Logic Flaw
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...