Lucene search

84 matches found

CVE
added 2025/07/25 3:52 p.m. · 21 views

CVE-2025-34114

CVE-2025-34114 affects OpenBlow whistleblowing platform. The vulnerability is a client-side misconfiguration due to missing critical HTTP response headers: Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy across multiple ...

CVSS 8.4 · AI score 5.8 · EPSS 0.00162
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 4:17 a.m. · 9 views

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...

CVSS 6.3 · AI score 7 · EPSS 0.00302
Exploits: 0

RedhatCVE
added 2025/05/23 1:23 a.m. · 10 views

CVE-2022-34329

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467...

CVSS 5.3 · AI score 5.9 · EPSS 0.00673
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:11 a.m. · 6 views

CVE-2024-2377

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information...

CVSS 7.6 · AI score 6.8 · EPSS 0.00205
Exploits: 0 · References: 1

CVE
added 2025/01/12 9:46 p.m. · 105 views

CVE-2024-42179

CVE-2024-42179 describes a sensitive information disclosure in HCL MyXalytics where the HTTP response header reveals the server software name and version (Microsoft-HTTP API/2.0). The underlying issue is exposure of server identity, not a direct code execution vector. Public sources in the connec...

CVSS 2.7 · AI score 3.6 · EPSS 0.0022
Exploits: 0 · References: 1 · Affected Software: 1

Rosalinux
added 2024/09/25 9:36 a.m. · 21 views

Advisory ROSA-SA-2024-2477

software: squid 5.9; WASP: ROSA-CHROME; packageevrstring: squid-5.9-2; CVE-ID: CVE-2023-46724; BDU-ID: 2023-07699; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...

CVSS 9.3 · AI score 7.1 · EPSS 0.85944
Exploits: 0

Positive Technologies
added 2024/04/30 12:0 a.m. · 8 views

PT-2024-20073 · Sdm600 · Sdm600

Name of the Vulnerable Software and Affected Versions: SDM600 (affected versions not specified). Description: A vulnerability exists in the too permissive HTTP response header web server settings. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive...

CVSS 7.6 · AI score 6 · EPSS 0.00205
Exploits: 0 · References: 6

Veracode
added 2024/02/22 4:14 a.m. · 27 views

Arbitrary Code Injection

Firefox, Firefox ESR, and Thunderbird are vulnerable to Arbitrary Code Injection. The vulnerability is due to the incorrect honoring of Set-Cookie response headers in multipart HTTP responses. If an attacker could manipulate the Content-Type response header and control part of the response body,...

CVSS 6.1 · AI score 6.7 · EPSS 0.00743
Exploits: 1 · References: 7 · Affected Software: 3

Ubuntu
added 2024/02/22 3:11 a.m. · 60 views

USN-6649-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-1547, CVE-2024-1548,...

CVSS 9.8 · AI score 7.8 · EPSS 0.00937
Exploits: 2

Prion
added 2024/02/20 2:15 p.m. · 23 views

Design/Logic Flaw

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

AI score 5.7 · EPSS 0.00743
Exploits: 1 · References: 6

Debian CVE
added 2024/02/20 1:21 p.m. · 30 views

CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

CVSS 6.1 · AI score 8.2 · EPSS 0.00743
Exploits: 1

IBM Security Bulletins
added 2023/11/29 9:50 a.m. · 12 views

Security Bulletin: Security configurations for Rest servers in XSLD

Summary: These security vulnerabilities were found during Dynamic scans performed on XSLD 8.6.1.6. Please follow the remediation given to resolve these issues. Vulnerability Details: 1. Unnecessary Http Response Headers found in the Application. Description: The response contains unnecessary header...

AI score 7.1
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2023/11/03 12:0 a.m. · 23 views

F5 Networks BIG-IP : TMM vulnerability (K25400442)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.2.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K25400442 advisory. - On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and...

CVSS 7.5 · AI score 7.4 · EPSS 0.01032
Exploits: 0 · References: 2

Veracode
added 2023/07/03 9:16 a.m. · 29 views

Cross-site Scripting (XSS)

actionpack is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the redirect_to function of redirecting.rb does not properly check the provided URL for illegal characters, resulting in the downstream services which enforce RFC compliance on HTTP response headers to remove the...

CVSS 4 · AI score 6 · EPSS 0.00332
Exploits: 2

GitLab Advisory Database
added 2023/06/07 12:0 a.m. · 41 views

SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...

CVSS 7.5 · AI score 7 · EPSS 0.00541
Exploits: 0 · References: 5 · Affected Software: 1

SUSE CVE
added 2023/02/15 6:6 a.m. · 2 views

SUSE CVE-2008-4818

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

CVSS 4.3 · AI score 6 · EPSS 0.04731
Exploits: 0 · References: 3

IBM Security Bulletins
added 2023/02/14 9:14 p.m. · 28 views

Security Bulletin: IBM CICS TX Standard could allow an attacker to obtain sensitive information from HTTP response headers (CVE-2022-34329).

Summary: IBM CICS TX Standard could allow an attacker to obtain sensitive information from HTTP response headers. The fix removes this vulnerability (CVE-2022-34329) from IBM CICS TX Standard. Vulnerability Details: CVEID: CVE-2022-34329. DESCRIPTION: IBM CICS TX could allow an attacker to obtain...

CVSS 5.3 · AI score 5 · EPSS 0.00673
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/02/14 9:4 p.m. · 40 views

Security Bulletin: IBM CICS TX Advanced could allow an attacker to obtain sensitive information from HTTP response headers (CVE-2022-34329).

Summary: IBM CICS TX Advanced could allow an attacker to obtain sensitive information from HTTP response headers. The fix removes this vulnerability (CVE-2022-34329) from IBM CICS TX Advanced. Vulnerability Details: CVEID: CVE-2022-34329. DESCRIPTION: IBM CICS TX could allow an attacker to obtain...

CVSS 5.3 · AI score 5 · EPSS 0.00673
Exploits: 0 · Affected Software: 1

Microsoft Secure
added 2022/11/22 5:0 p.m. · 83 views

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...

CVSS 10 · AI score 0.4 · EPSS 0.99999
Exploits: 354

NVD
added 2022/11/14 6:15 p.m. · 17 views

CVE-2022-34329

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467...

CVSS 5.3 · EPSS 0.00673
Exploits: 0 · References: 3