192 matches found
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where the pages in the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2019-19090 ABB eSOMS: Secure Flag not set
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...
CVE-2013-3960
Easytime Studio Easy File Manager 1.1 has an HTTP request security bypass...
CVE-2019-16515
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...
CVE-2019-16515
CVE-2019-16515 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The issue is that certain HTTP security headers are not used, with CVSS metrics indicating a network-exposed, low-complexity vulnerability (Base Score ~6.4–6.5) affecting confidentiality and integrity (PARTIAL) b...
Debian DLA-1996-1 : libapache2-mod-auth-openidc security update
A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID provider by...
Missing HTTP Security Headers in NetApp OnCommand Workflow Automation - US
Lenovo Security Advisory: LEN-29480 Potential Impact: Information Disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2019-5503 Summary Description: NetApp reported that OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers...
Missing HTTP Security Headers in NetApp OnCommand Workflow Automation - Lenovo Support US
No description provided...
CVE-2019-5503
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5503
CVE-2019-5503 concerns NetApp OnCommand Workflow Automation. The affected product versions “prior to 5.0” allegedly shipped without certain HTTP security headers, potentially enabling information disclosure via unspecified vectors. The Red Hat/Lenovo entries confirm the same CVE description and r...
CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
OnCommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5496
OnCommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5494
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5496
OnCommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...