Lucene search
+L

191 matches found

CVE
CVE
added 2021/10/19 6:16 p.m.55 views

CVE-2021-0296

The CVE-2021-0296 entry concerns Juniper Networks CTPView server not enforcing HTTP Strict Transport Security (HSTS). Affected versions are Juniper CTPView 7.3 before 7.3R7 and 9.1 before 9.1R3. Root cause: lack of HSTS header enforcement, which can enable downgrade attacks, SSL-stripping MITM, a...

7.4CVSS7.3AI score0.00488EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.3 views

Juniper Networks CtpView输入验证错误漏洞

Juniper Networks CtpView is a network management system from Juniper Networks, Inc. It is used to enable managers to deploy circuits while monitoring the network. An input validation error vulnerability exists in the CTPView server that stems from the product's failure to implement HSTS detection...

7.4CVSS7.3AI score0.00488EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/09/08 12:0 a.m.20 views

Docker < 1.3.1 SSL Fallback Vulnerability

Docker is prone to an SSL fallback vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS8.1AI score0.01867EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2021/08/30 11:54 a.m.25 views

How Does MTA-STS Improve Your Email Security?

Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now, and therefore security was not an...

Exploits0
OSV
OSV
added 2021/08/25 8:58 p.m.22 views

GHSA-8928-2FGM-6X9X HTTP Request Smuggling in actix-http

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS7.4AI score0.0181EPSS
Exploits1References7
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/25 12:0 a.m.11 views

HTTP Request Smuggling in actix-http

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS6.9AI score0.0181EPSS
Exploits1References8Affected Software1
RustSec
RustSec
added 2021/06/16 12:0 p.m.18 views

Potential request smuggling capabilities due to lack of input validation

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS3.5AI score0.0181EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/06/16 12:0 p.m.43 views

RUSTSEC-2021-0081 Potential request smuggling capabilities due to lack of input validation

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS7.4AI score0.0181EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2021/01/25 1:46 p.m.4 views

Enhancing Email Security with MTA-STS and SMTP TLS Reporting

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...

5.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/10/14 11:16 a.m.4 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/08 10:28 a.m.4 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/02 9:47 a.m.4 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/18 4:34 p.m.4 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/18 4:24 p.m.5 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS5.8AI score0.00764EPSS
Exploits0References4
OSV
OSV
added 2020/04/15 9:9 p.m.46 views

GHSA-3GG7-9Q2X-79FC Improper Restriction of Rendered UI Layers or Frames in Keycloak

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...

5.8CVSS6.8AI score0.00764EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/04/15 9:9 p.m.77 views

Improper Restriction of Rendered UI Layers or Frames in Keycloak

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...

5.8CVSS1.2AI score0.00764EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2020/04/08 9:16 p.m.36 views

CVE-2020-1728

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8CVSS2AI score0.00764EPSS
Exploits0References3
OSV
OSV
added 2020/04/06 2:15 p.m.33 views

CVE-2020-1728

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...

5.4CVSS6.6AI score0.00764EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/06 1:4 p.m.49 views

CVE-2020-1728

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...

4.8CVSS5.6AI score0.00764EPSS
Exploits0References1
CVE
CVE
added 2020/04/06 1:4 p.m.130 views

CVE-2020-1728

CVE-2020-1728 affects Red Hat’s Red Hat Single Sign-On / Keycloak projects. The issue is described as security headers missing on REST endpoints for Keycloak, which could ease client-side attacks like clickjacking or other header-reliant abuse. The connected Red Hat advisories explicitly link thi...

5.8CVSS5.2AI score0.00764EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder