3797 matches found
Mozilla Firefox ESR < 128.3
The version of Firefox ESR installed on the remote Windows host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-47 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...
Mozilla Firefox < 131.0
The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...
ROS-20240924-01
The vulnerability in Firefox and Firefox ESR browsers and Thunderbird email client is related to flaws in access control. Exploitation of the vulnerability could allow an attacker, acting remotely, to redirect a user to an arbitrary URL using a specially crafted extension. The vulnerability in...
ROS-20240924-06
A vulnerability in the Garbage Collector component of the Firefox and Firefox ESR browsers and the Thunderbird email client is related to memory release errors in object operations. Exploitati...
Siemens SINEC Traffic Analyzer Logic Flaw Vulnerability (CNVD-2024-35430)
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communications between controllers and IO devices. A logic flaw vulnerability exists in Siemens SINEC Traffic Analyzer, which stems from the application's lack of a regular HTTP security header in the web server,...
ROS-20240814-05
A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation. Exploitatio...
ROS-20240814-06
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of hidden side channels. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected information...
CVE-2024-41907
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack...
CVE-2024-41907
The CVE-2024-41907 issue affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) versions prior to 2.0. The root cause described across sources is the web server’s lack of general HTTP security headers, enabling higher likelihood of clickjacking. Red Hat and CNVD entries corroborate the same ...
CVE-2024-30126
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge...
PT-2024-23200 · HCL · HCL BigFix Compliance
Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance (affected versions not specified). Description: The issue is related to a missing X-Frame-Options HTTP header, which can allow an attacker to create a malicious website embedding the target website in a frame or iframe. Thi...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to security configuration errors. This allows attackers to bypass security restrictions and carry out clickjacking attacks.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to security configuration errors. Exploiting these vulnerabilities can allow a remote attacker to bypass security restrictions and carry out a clickjacking attack...
CVE-2024-30109
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended...
CVE-2024-30109 Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended...
CVE-2024-30109
The CVE-2024-30109 entry concerns HCL DRYiCE AEX: the AEX web application lacks clickjacking protection, enabling an attacker to present layered transparent/opaque frames to lure a user into clicking a control on a different page. Affected component: AEX web application. Root cause: missing prote...