62 matches found
Design/Logic Flaw
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...
CVE-2018-19957
CVE-2018-19957 concerns insufficient HTTP security headers in QNAP QTS, QuTS hero, and QuTScloud. The vulnerability affects QNAP NAS platforms running QTS, QuTS hero, and QuTScloud, enabling remote attackers to launch privacy/security attacks. The issue has been addressed by explicit fixes: QTS 4...
CVE-2018-19957 Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...
CVE-2021-27615
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting XSS attacks...
Cross site scripting
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting XSS attacks...
CVE-2021-27615
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting XSS attacks...
Improper Restriction of Rendered UI Layers or Frames in Keycloak
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
CVE-2020-1728 affects Red Hat’s Red Hat Single Sign-On / Keycloak projects. The issue is described as security headers missing on REST endpoints for Keycloak, which could ease client-side attacks like clickjacking or other header-reliant abuse. The connected Red Hat advisories explicitly link thi...
CVE-2019-16515
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...
CVE-2019-16515
CVE-2019-16515 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The issue is that certain HTTP security headers are not used, with CVSS metrics indicating a network-exposed, low-complexity vulnerability (Base Score ~6.4–6.5) affecting confidentiality and integrity (PARTIAL) b...
Missing HTTP Security Headers in NetApp OnCommand Workflow Automation - Lenovo Support US
No description provided...
Missing HTTP Security Headers in NetApp OnCommand Workflow Automation - US
Lenovo Security Advisory: LEN-29480 Potential Impact: Information Disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2019-5503 Summary Description: NetApp reported that OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers...
Design/Logic Flaw
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2019-5495
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...