HSTS subdomain overwrites parent cache entry
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
Qnap QTS Improper Restriction of Rendered UI Layers or Frames (CVE-2018-19957)
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...
CVE-2024-30132
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2024-30132 Missing default HTTP security headers affect HCL Nomad server on Domino
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2024-30132
CVE-2024-30132 concerns the HCL Nomad server on Domino not configuring certain HTTP security headers by default. Connected sources identify the vulnerable component as the HCL Nomad server on Domino, with the issue tied to missing default HTTP security headers, enabling potential information disc...
Siemens SINEC Traffic Analyzer Logic Flaw Vulnerability (CNVD-2024-35430)
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communications between controllers and IO devices. A logic flaw vulnerability exists in Siemens SINEC Traffic Analyzer, which stems from the application's lack of a regular HTTP security header in the web server,...
CVE-2024-41907
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions < V2.0. The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack...
CVE-2024-41907
The CVE-2024-41907 issue affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) versions prior to 2.0. The root cause described across sources is the web server’s lack of general HTTP security headers, enabling higher likelihood of clickjacking. Red Hat and CNVD entries corroborate the same ...
PT-2024-5818 · Ibm · Ibm Qradar Network Packet Capture
Name of the Vulnerable Software and Affected Versions: IBM QRadar Network Packet Capture version 7.5 Description: The issue is related to the failure to properly enable HTTP Strict Transport Security, which could allow a remote attacker to obtain sensitive information using man-in-the-middle...
Malicious code in Be.Vlaandereո.Basisregisters.AspNetCore.Mvc.Middlewаre.AddHttpSeсurityHeаders (NuGet)
RHEL 8 : Release of OpenShift Serverless Client kn 1.30.1 (RHSA-2023:5479)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5479 advisory. Red Hat OpenShift Serverless Client kn 1.30.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.30.1. The kn CLI is delivered as an RPM...
CVE-2024-23559
HCL DevOps Deploy / Launch is generating an obsolete HTTP header...
PT-2024-1840 · Unknown · Spring Security
Name of the Vulnerable Software and Affected Versions: Spring Security versions 6.1.x through 6.1.6 Spring Security versions 6.2.x through 6.2.1 Description: The issue is related to broken access control in Spring Security when the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication...
Medium: golang
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
CVE-2023-4958 Stackrox: missing http security headers allows for clickjacking in web ui
In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...
Sophos Web Appliance UsrBlocked.php command injection
Added: 11/24/2023 CVE: CVE-2023-1671 Background Sophos Web Appliance is a web proxy providing HTTP security. Problem A vulnerability in UsrBlocked.php allows remote attackers to inject arbitrary commands into an HTTP request. Resolution Upgrade to Sophos Web Appliance 4.3.10.4 or higher. Referenc...