84 matches found
CVE-2025-34114
CVE-2025-34114 affects OpenBlow whistleblowing platform. The vulnerability is a client-side misconfiguration due to missing critical HTTP response headers: Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy across multiple ...
CVE-2023-48256
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...
CVE-2022-34329
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467...
CVE-2024-2377
A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information...
CVE-2024-42179
CVE-2024-42179 describes a sensitive information disclosure in HCL MyXalytics where the HTTP response header reveals the server software name and version (Microsoft-HTTPAPI/2.0). The underlying issue is exposure of server identity, not a direct code execution vector. Public sources in the connec...
Advisory ROSA-SA-2024-2477
software: squid 5.9 · WASP: ROSA-CHROME · package EVR string: squid-5.9-2 · CVE-ID: CVE-2023-46724 · BDU-ID: 2023-07699 · CVE-Crit: HIGH · CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...
PT-2024-20073 · Sdm600 · Sdm600
Name of the Vulnerable Software and Affected Versions: SDM600 affected versions not specified Description: A vulnerability exists in the too permissive HTTP response header web server settings. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive...
Arbitrary Code Injection
Firefox, Firefox ESR, and Thunderbird are vulnerable to Arbitrary Code Injection. The vulnerability is due to the incorrect honoring of Set-Cookie response headers in multipart HTTP responses. If an attacker could manipulate the Content-Type response header and control part of the response body,...
USN-6649-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-1547, CVE-2024-1548,...
Design/Logic Flaw
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
Security Bulletin: Security configurations for Rest servers in XSLD
Summary These security vulnerabilities were found during Dynamic scans performed on XSLD 8.6.1.6. Please follow the remediation given to resolve these issues. Vulnerability Details 1 Unnecessary HTTP Response Headers found in the Application. Description : The response contains unnecessary header...
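The entries above for OpenBlow (CVE-2025-34114), HCL MyXalytics (CVE-2024-42179) and XSLD describe two sides of the same response-header hygiene problem: hardening headers that are absent, and headers that are present but leak server identity. The following is an added example, not code from any of the listed advisories or vendors, showing a small audit that parses a raw HTTP/1.1 response and reports both. The sample response is constructed; treating X-Powered-By as a disclosure header is an assumption of this example, not something the entries above state.

```python
"""Audit a raw HTTP/1.1 response for missing hardening headers and for
headers that disclose server software. Added example; the sample response
below is constructed for illustration."""

# Hardening headers whose absence CVE-2025-34114 reports as a client-side
# misconfiguration.
HARDENING_HEADERS = (
    "content-security-policy",
    "referrer-policy",
    "permissions-policy",
    "cross-origin-embedder-policy",
    "cross-origin-resource-policy",
)

# Headers that reveal server software/version, as in CVE-2024-42179 and
# CVE-2022-34329. "x-powered-by" is this example's own assumption.
DISCLOSURE_HEADERS = ("server", "x-powered-by")


def parse_headers(raw: bytes) -> dict[str, list[str]]:
    """Return a lowercase-name -> list-of-values map for the header block.
    Only the first block (up to the blank line) is read; the body is ignored.
    Header names are compared case-insensitively, per RFC 9110."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    headers: dict[str, list[str]] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # malformed or continuation line; not a header
        key = name.strip().lower().decode("latin-1")
        headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return headers


def audit(raw: bytes) -> dict:
    """Report which hardening headers are missing and which disclosure
    headers are present, with their values."""
    headers = parse_headers(raw)
    missing = [h for h in HARDENING_HEADERS if h not in headers]
    disclosing = {h: headers[h] for h in DISCLOSURE_HEADERS if h in headers}
    return {"missing": missing, "disclosing": disclosing}


# Constructed sample: a typical response that sets nothing but a CSP and
# advertises its server software.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-HTTPAPI/2.0\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

if __name__ == "__main__":
    result = audit(SAMPLE_RESPONSE)
    for name in result["missing"]:
        print(f"MISSING   {name}")
    for name, values in result["disclosing"].items():
        print(f"DISCLOSES {name}: {', '.join(values)}")
```

Run it against a captured response (for example the output of `curl -si`) rather than the constructed sample to audit a real endpoint; the check is per-response, so run it on every route, since the OpenBlow entry describes headers missing across multiple pages.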
F5 Networks BIG-IP : TMM vulnerability (K25400442)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.2.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K25400442 advisory. - On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and...
Cross-site Scripting (XSS)
actionpack is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the redirect_to function in redirecting.rb does not properly check the provided URL for illegal characters, resulting in the downstream services which enforce RFC compliance on HTTP response headers to remove the...
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to an HTTP Response Injection attack. This occurs when an HTTP/1.1 server accepts user generated input from an incoming request and reflects it into an HTTP/1.1 response header in some form. A malicious...
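The SwiftNIO entry above and the actionpack redirect_to entry before it describe the same mechanism: a request-controlled value reflected into a response header without CR/LF filtering lets the attacker terminate the header, add headers such as Set-Cookie, and even append a second, fully attacker-controlled response. The following is an added example, not code from SwiftNIO, NIOHTTP1 or actionpack, showing a naive redirect builder, the injected result as a client would parse it, and the hardened builder. The payload and redirect target are constructed inputs.

```python
"""HTTP response splitting via a reflected Location header, and the fix.
Added example; the payload below is constructed. Response bytes are built
by hand so the split is visible without any server or client library."""


class HeaderInjection(ValueError):
    """Raised when a header value contains CR, LF or NUL."""


def build_redirect_vulnerable(target: str) -> bytes:
    # Reflects the request-supplied target straight into a header line:
    # any CRLF in `target` ends the Location header early.
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_hardened(target: str) -> bytes:
    # Reject control characters before the value reaches a header line.
    # Rejecting (rather than stripping) avoids silently changing the URL.
    if any(ch in target for ch in "\r\n\x00"):
        raise HeaderInjection("CR, LF or NUL in header value")
    return build_redirect_vulnerable(target)


def split_responses(raw: bytes) -> list[dict]:
    """Parse a byte stream the way a simple HTTP/1.1 client would: one
    response per status line, body length taken from Content-Length.
    Shows how many responses the victim's client sees in the stream."""
    responses = []
    pos = 0
    while pos < len(raw):
        end = raw.find(b"\r\n\r\n", pos)
        if end < 0:
            break
        head = raw[pos:end].split(b"\r\n")
        if not head[0].startswith(b"HTTP/"):
            break  # leftover bytes that are not a status line
        headers = {}
        for line in head[1:]:
            name, sep, value = line.partition(b":")
            if sep:
                headers[name.strip().lower().decode("latin-1")] = (
                    value.strip().decode("latin-1")
                )
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        responses.append({
            "status": head[0].decode("latin-1"),
            "headers": headers,
            "body": raw[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


# Constructed attacker-supplied redirect target: ends the Location header,
# injects a Set-Cookie, closes the first response, then supplies a second
# response whose body the client will render as text/html.
PAYLOAD = (
    "/home\r\n"
    "Set-Cookie: session=attacker\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "<script>alert(1)</script>"
)

if __name__ == "__main__":
    for i, resp in enumerate(split_responses(build_redirect_vulnerable(PAYLOAD))):
        print(i, resp["status"], resp["headers"], resp["body"])
    try:
        build_redirect_hardened(PAYLOAD)
    except HeaderInjection as exc:
        print("hardened builder rejected payload:", exc)
```

The hardened check lives at the point where the value becomes a header line, which is where the SwiftNIO advisory places the fix; validating the URL earlier in application code, as the actionpack entry implies, is the same check applied one layer up, and both are needed when the framework does not do it for you.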
SUSE CVE-2008-4818
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...
Security Bulletin: IBM CICS TX Standard could allow an attacker to obtain sensitive information from HTTP response headers (CVE-2022-34329).
Summary IBM CICS TX Standard could allow an attacker to obtain sensitive information from HTTP response headers. The fix removes this vulnerability CVE-2022-34329 from IBM CICS TX Standard. Vulnerability Details CVEID: CVE-2022-34329 DESCRIPTION: IBM CICS TX could allow an attacker to obtain...
Security Bulletin: IBM CICS TX Advanced could allow an attacker to obtain sensitive information from HTTP response headers (CVE-2022-34329).
Summary IBM CICS TX Advanced could allow an attacker to obtain sensitive information from HTTP response headers. The fix removes this vulnerability CVE-2022-34329 from IBM CICS TX Advanced. Vulnerability Details CVEID: CVE-2022-34329 DESCRIPTION: IBM CICS TX could allow an attacker to obtain...
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...