
85 matches found

CNNVD
added 2022/12/13 12:0 a.m. | 2 views

Siemens SCALANCE Series Security Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server...

CVSS 5.3 | AI score 6.6 | EPSS 0.00308
Exploits: 0 | References: 3
CVE
added 2022/12/08 12:0 a.m. | 84 views

CVE-2022-3260

The CVE-2022-3260 issue is described across sources as an absence of the X-FRAME-OPTIONS header in responses, which can permit clickjacking attacks. The primary description notes that this header is not enabled and some browsers may misinterpret results, enabling clickjacking. The NVD entry assig...

CVSS 4.8 | AI score 5.1 | EPSS 0.00173
Exploits: 1 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2022/11/08 4:44 p.m. | 68 views

Security Bulletin: IBM Security Guardium is affected by a Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2021-39072)

Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2021-39072 DESCRIPTION: IBM Security Guardium could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could explo...

CVSS 5.9 | AI score 5.6 | EPSS 0.00223
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2022/09/09 7:12 a.m. | 1 views

hadoop: WebHDFS client might send SPNEGO authorization header

A flaw was found in Apache hadoop. The WebHDFS client can send a SPNEGO authorization header to a remote URL without proper verification which could lead to an access restriction bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 8.8 | AI score 7.2 | EPSS 0.0011
Exploits: 0 | References: 6
CNVD
added 2022/06/15 12:0 a.m. | 14 views

Siemens SINEMA Remote Connect Server Standard Security Check Implementation Error Vulnerability

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

CVSS 4.3 | AI score 1.7 | EPSS 0.00177
Exploits: 0 | References: 1
CNVD
added 2022/06/15 12:0 a.m. | 18 views

Siemens SINEMA Remote Connect Server Standard Security Check Implementation Error Vulnerability (CNVD-2022-45210)

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

CVSS 4.3 | AI score 1.8 | EPSS 0.00177
Exploits: 0 | References: 1
CNNVD
added 2022/06/14 12:0 a.m. | 1 views

Siemens SINEMA Remote Connect Server Security Feature Issue Vulnerability

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

CVSS 4.3 | AI score 5.7 | EPSS 0.00177
Exploits: 0 | References: 4
Huntr
added 2022/06/09 2:52 a.m. | 9 views

UI REDRESSING

Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept: Go to this URL:...

AI score 0.7
Exploits: 0 | References: 3
CNNVD
added 2022/02/18 12:0 a.m. | 1 views

IBM Guardium Data Encryption Security Vulnerability

IBM Guardium Data Encryption (GDE) is a software application from IBM, USA, that provides a data security and compliance solution. An information disclosure vulnerability exists in IBM Guardium Data Encryption that stems from a failure to properly enable HTTP Strict Transport Security, which can be...

CVSS 5.9 | AI score 5.7 | EPSS 0.00042
Exploits: 0 | References: 4
CNVD
added 2021/12/03 12:0 a.m. | 18 views

JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09216)

JetBrains TeamCity is a distributed build management and continuous integration tool from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. JetBrains TeamCity has a security vulnerability that stems from a missi...

CVSS 5.3 | AI score 0.8 | EPSS 0.00004
Exploits: 0 | References: 1
CNNVD
added 2021/11/08 12:0 a.m. | 1 views

Jetbrains JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. JetBrains TeamCity has a security vulnerability that stems from a missi...

CVSS 5.3 | AI score 5.6 | EPSS 0.00004
Exploits: 0 | References: 3
OpenVAS
added 2021/09/13 12:0 a.m. | 14 views

QNAP QTS HTTP Security Header Vulnerability (QSA-21-03)

QNAP QTS is prone to a HTTP security header vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescripti...

CVSS 6.1 | AI score 6.4 | EPSS 0.00317
Exploits: 0 | References: 1
IBM Security Bulletins
added 2021/07/23 3:35 p.m. | 18 views

Security Bulletin: IBM i2 Analyze missing security header (CVE-2021-29769)

Summary: Some secure header options were missing in communication with the i2 Analyze server. Vulnerability Details: CVEID: CVE-2021-29769 DESCRIPTION: IBM i2 Analyst's Notebook Premium does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the...

CVSS 4.3 | AI score 1.1 | EPSS 0.0008
Exploits: 0 | Affected Software: 1
OSV
added 2020/10/27 8:15 p.m. | 1 views

CVE-2019-8834

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iClo...

CVSS 4.3 | AI score 6 | EPSS 0.00317
Exploits: 0 | References: 7
NVD
added 2020/07/17 10:15 a.m. | 5 views

CVE-2020-7696

This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: {host: "somehost.com", authorization: "..."}}} is loaded, all other subsequent images will use the same headers; this can lead to signing credentials or other session tokens being leaked to...

CVSS 5.3 | EPSS 0.00455
Exploits: 1 | References: 3
Snyk
added 2020/06/02 10:33 a.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: websocket-extensions is a generic extension manager for WebSocket connections. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The EXTLIST variable within the extension parser may take quadratic time when parsing a literal backslash (\) followed by...

CVSS 8.2 | AI score 6.7 | EPSS 0.02622
Exploits: 2 | References: 2
OSV
added 2020/05/11 6:15 p.m. | 0 views

CVE-2019-4667

IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID:...

CVSS 5.9 | AI score 6.3 | EPSS 0.00106
Exploits: 0 | References: 2
ATTACKERKB
added 2020/04/02 8:15 p.m. | 3 views

CVE-2019-19001

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...

CVSS 6.5 | AI score 6.5 | EPSS 0.00379
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2019/09/29 12:0 a.m. | 0 views

NetApp OnCommand Workflow Automation Information Disclosure Vulnerability

NetApp OnCommand Workflow Automation is a suite of storage process management software from American NetApp. The software provides storage configuration, storage cloning and other functions for the database or file system. An information disclosure vulnerability exists in NetApp OnCommand Workflo...

CVSS 5.3 | AI score 6.1 | EPSS 0.00502
Exploits: 0 | References: 1
CNVD
added 2019/06/10 12:0 a.m. | 0 views

IBM Security Information Queue Input Validation Error Vulnerability

IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue versions 1.0.0, 1.0.1, and 1.0.2, which...

CVSS 7.5 | AI score 6.5 | EPSS 0.0006
Exploits: 0 | References: 1