FreeBSD : py-matrix-synapse -- multiple vulnerabilities (d9f686f3-fde0-48dc-ab0a-01c2fe3e0529)
Matrix developers report : Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. - A malicious homeserver could force Synapse to reset the state in a room to a small subset o...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of t...
Authentication flaw
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
Improper Restriction of Rendered UI Layers or Frames in Apache NiFi
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on...
CVE-2017-18088
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x),...
Design/Logic Flaw
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not...
CVE-2017-1000479
pfSense
Clickjacking Attacks
github.com/sensu/uchiwa is vulnerable to clickjacking attacks. The vulnerability exists due to the lack of X-Frame-Options header in the HTTP responses sent by the web server...
CVE-2016-5947
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...
JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks
Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact: If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution: Update the Software. Update to...
openSUSE Security Update : hawk2 (openSUSE-2016-971)
This update for hawk2 fixes one security issue and one bug. The following security change is included : - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' (bsc#984619) The following non-security issue was fixed : - In the Wizards UI, prevent text display issues...
CVE-2016-0314
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 iFix016 and 6.x before 6.0.1 iFix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors...
CVE-2016-2831
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site...
Firefox < 47 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 47. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-2815, CVE-2016-2818) - An overflow...
CVE-2016-0734
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element...
Code injection
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Ubuntu 14.04 LTS : Firefox regression (USN-2880-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2880-2 advisory. USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update...
CVE-2016-1140
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors...