55 matches found
PT-2024-36602 · Hush Line · Hush Line
Name of the Vulnerable Software and Affected Versions: Hush Line versions 0.1.0 through 0.3.4 Description: Hush Line is an open-source whistleblower management system. The production server was misconfigured, missing content security policy and security headers, which could result in bypassing of...
CVE-2023-38125
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The...
SUSE CVE-2024-1554
The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...
SAP Enable Now 跨站脚本漏洞
SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning, training, etc. in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now, which stems from an unimplemented...
SUSE CVE-2005-4348
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service application crash by sending messages without headers from upstream mail servers...
CVE-2022-46354
A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of an affected...
CVE-2021-27762
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses...
CVE-2022-28145
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting XSS exploitable by attackers with Item/Configure permission or otherwise able to control report contents...
IBM Security Guardium Insights 信息泄露漏洞
IBM Security Guardium Insights is a data security solution from IBM Corporation. IBM Security Guardium Insights has an information disclosure vulnerability in version 3.0 that stems from a failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to...
CVE-2019-16515
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...
DEBIAN-CVE-2017-17126
The loaddebugsection function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service invalid memory access and application crash or possibly have unspecified other impact via an ELF file that lacks section headers...
DEBIAN-CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
JGroups: Authorization bypass
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
JGroups: Authorization bypass
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
DEBIAN-CVE-2005-4348
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service application crash by sending messages without headers from upstream mail servers...