KNIME Business Hub Security Vulnerability
KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. A security vulnerability exists in KNIME Business Hub versions prior to 1.4.0 that stems from a missing HTTP header. An attacker exploited the...
Design/Logic Flaw
Transient DOS in WLAN Firmware while processing frames with missing header fields...
CVE-2023-21659 Buffer Over-read in WLAN Firmware
Transient DOS in WLAN Firmware while processing frames with missing header fields...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a denial of service in the WLAN firmware while processing frames with missing header fields...
PT-2023-18322 · Unknown · Wlan Firmware
Name of the Vulnerable Software and Affected Versions: WLAN Firmware, affected versions not specified. Description: The issue is related to a transient Denial of Service (DoS) in WLAN Firmware. It occurs when the firmware processes frames with missing header fields. Recommendations: At the moment,...
CVE-2021-43202
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases...
Design/Logic Flaw
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases...
PT-2021-20859 · Unknown · Kiwi Syslog Server
Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server, affected versions not specified. Description: A missing HTTP header X-Frame-Options has left customers vulnerable to clickjacking. Clickjacking is an attack where an attacker uses a transparent iframe to trick a user into...
Denial of Service (DoS)
Overview: github.com/pires/go-proxyproto is a Go library implementation of the PROXY protocol, versions 1 and 2. Affected versions of this package are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. Details: Denial of Service (DoS) describes a family of...
CVE-2021-26924
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header...
PT-2021-17179 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 1.8.4. Description: An issue was discovered where browser XSS protection is not activated due to the missing XSS protection header. Recommendations: For versions prior to 1.8.4, update to version 1.8.4 or later to...
Design/Logic Flaw
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."...
CVE-2019-4326
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."...
CVE-2019-19002
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers not supporting Content Security Policy, this might increase the risk of Cross Site Scripting...
DEBIAN-CVE-2019-16410
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of headerlen checking...
Missing 'Content-Type' Header
The Content-Type header allows clients to find an appropriate way to render data; omission of this header can facilitate MIME sniffing attacks. No source data...
Missing 'Expect-CT' Header (deprecated)
The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. This URL is flagged as a specific example. The Expect-CT will likely become obsolete in June...
Missing 'X-Content-Type-Options' Header
The HTTP 'X-Content-Type-Options' response header prevents the browser from MIME-sniffing a response away from the declared content-type. The server did not return a correct 'X-Content-Type-Options' header, which means that this website could be at risk of a Cross-Site Scripting (XSS) attack. No...
USN-3781-2 webkit2gtk regression
USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A large number of security issues were discovered in the...
OSIsoft PI Vision Cross-Site Scripting Vulnerability
PI Vision is the leading visualization tool for quick, easy and secure access to all PI System™ data. A cross-site scripting vulnerability exists in OSIsoft PI Vision 2017 and prior versions, which can be exploited by remote attackers to inject arbitrary web script or HTML because the...