CVE-2024-30126

HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge...

CVE-2024-30126

CVE-2024-30126 affects HCL BigFix Compliance due to a missing X-Frame-Options HTTP header. The issue enables an attacker to host the target site in a frame/iframe, potentially tricking users into performing actions without their knowledge. Documented impact is limited to framing-related risks; no...

CVE-2024-30126 HCL BigFix Compliance is affected by a missing X-Frame-Options Header vulnerability

HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge...

PT-2024-23200 · Hcl · Hcl Bigfix Compliance

Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance affected versions not specified Description: The issue is related to a missing X-Frame-Options HTTP header, which can allow an attacker to create a malicious website embedding the target website in a frame or iframe. Thi...

IBM Datacap Navigator HTTP Header Injection Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. IBM Datacap Navigator suffers from an HTTP header injection vulnerability that originates from an input validation error in the HOST header, which can be exploited by an attacker to conduct cross-site...

CVE-2024-39736

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVE-2024-39736

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVE-2024-39736

IBM Datacap Navigator 9.1.5–9.1.9 is affected by HTTP header injection due to improper validation of HOST headers. The vulnerability allows an attacker to perform cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: Datacap Navigator 9....

CVE-2024-39736 IBM Datacap Navigator HTTP HOST header injection

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

curl: Denial of Service in curl Request - HTTP headers eat all memory

Vulnerability description not provided...

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing

Impact In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 treat the Content-Type...

GHSA-W235-7P84-XX57 Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curlhttpclient.CurlAsyncHTTPClient class is vulnerable to CRLF carriage return/line feed injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return \r or line feed \n characters in the request headers...

RHEL 8 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

RHEL 7 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

RHEL 4 : cups (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cups: insufficient checking of the HTTP Host: header CVE-2009-0164 Note that Nessus has not tested for this issue b...

Improper Input Validation

Symfony is vulnerable to Improper Input Validation. The vulnerability is due to trusting the remote address when at least one trusted proxy is involved, allowing an attacker to manipulate HTTP header values...

GHSA-MXJF-HC9V-XGV2 ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting

Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, https enforcement, password reset links and many more. Since the host header itself is provided by the client...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 273 Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...

HTTP Header Spoofing

silverstripe/framework is vulnerable to HTTP header spoofing. The vulnerability is due to trusting all originating IPs to include HTTP headers for Hostname, IP, and Protocol, which results in reverse proxies forwarding requests while retaining the original request information...