Lucene search
+L

96 matches found

Vulnrichment
Vulnrichment
added 2024/06/14 9:34 p.m.12 views

CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...

3.7CVSS6.8AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2024/06/14 9:34 p.m.44 views

CVE-2024-30119

CVE-2024-30119 affects HCL DRYiCE Optibot Reset Station due to a missing Strict Transport Security (HSTS) header. Underlying issue allows potential interception or manipulation of data during redirection. CVSSv3.1/3.1 metrics indicate a base score of 3.7 (LOW) with Network attack vector, high att...

3.7CVSS4.1AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2024/06/04 10:26 p.m.42 views

GHSA-FWHR-88QX-H9G7 Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

5.4CVSS7.2AI score0.00658EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/14 12:0 a.m.6 views

vantage6 Security Vulnerabilities

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions 4.2.0 and earlier that stems from not setting the security header...

5.4CVSS6.8AI score0.00349EPSS
Exploits0References4
Prion
Prion
added 2023/10/26 3:15 p.m.23 views

Code injection

ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...

4.9CVSS5.7AI score0.00437EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/26 2:22 p.m.15 views

CVE-2023-46238 XSS with User Avatar image in ZITADEL

ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...

8.7CVSS7.2AI score0.00437EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/26 2:22 p.m.32 views

CVE-2023-46238 XSS with User Avatar image in ZITADEL

ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...

8.7CVSS9AI score0.00437EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/19 10:23 p.m.24 views

CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

8.8CVSS9.8AI score0.0095EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/19 12:0 a.m.8 views

Home Assistant Data Falsification Issue Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home assistant versions prior to 2023.9.0, which stems from Home assistant not setting the HTTP security header. An attacker can...

9CVSS6.7AI score0.00271EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/18 12:14 a.m.6 views

OpenShift: Missing HTTP Strict Transport Security

Openshift 4.9 does not use HTTP Strict Transport Security HSTS which may allow man-in-the-middle MITM attacks...

7.4CVSS5.8AI score0.00534EPSS
Exploits0References4
Citrix
Citrix
added 2023/03/30 12:0 a.m.13 views

Storefront - Storefront URL becomes inaccessible after adding HTTP Response Header

After mitigating the HTTP Security Header Not Detected Vulnerability in IIS by adding HTTP Response Headers, the Citrix Storefront url may become inaccessible. Users might be presented with the "500 Internal server error" message...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.5 views

Siemens SCALANCE Series 安全漏洞

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed.A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server...

5.3CVSS6.6AI score0.00677EPSS
Exploits0References3
CVE
CVE
added 2022/12/08 12:0 a.m.96 views

CVE-2022-3260

The CVE-2022-3260 issue is described across sources as an absence of the X-FRAME-OPTIONS header in responses, which can permit clickjacking attacks. The primary description notes that this header is not enabled and some browsers may misinterpret results, enabling clickjacking. The NVD entry assig...

4.8CVSS5.1AI score0.00432EPSS
Exploits1References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 4:44 p.m.69 views

Security Bulletin: IBM Security Guardium is affected by a Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2021-39072)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-39072 DESCRIPTION: IBM Security Guardium could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could explo...

5.9CVSS5.6AI score0.01233EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.3 views

hadoop: WebHDFS client might send SPNEGO authorization header

A flaw was found in Apache hadoop. The WebHDFS client can send a SPNEGO authorization header to a remote URL without proper verification which could lead to an access restriction bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.2AI score0.04403EPSS
Exploits0References6
CNVD
CNVD
added 2022/06/15 12:0 a.m.54 views

Siemens SINEMA Remote Connect Server Standard Security Check Implementation Error Vulnerability (CNVD-2022-45210)

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections VPNs between headquarters, service technicians, and installed machines or plants.A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

4.3CVSS1.8AI score0.00631EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.53 views

Siemens SINEMA Remote Connect Server Standard Security Check Implementation Error Vulnerability

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections VPNs between headquarters, service technicians, and installed machines or plants.A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

4.3CVSS1.7AI score0.00631EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.5 views

Siemens SINEMA Remote Connect Server 安全特征问题漏洞

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections VPNs between headquarters, service technicians, and installed machines or plants.A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

4.3CVSS5.7AI score0.00631EPSS
Exploits0References4
Huntr
Huntr
added 2022/06/09 2:52 a.m.11 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.7AI score
Exploits0References3
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.4 views

IBM Guardium Data Encryption 安全漏洞

IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. An information disclosure vulnerability exists in IBM Guardium Data Encryption that stems from a failure to properly enable HTTP Strict Transport Security, which can be...

5.9CVSS5.7AI score0.0051EPSS
Exploits0References4
Rows per page
Query Builder