263 matches found

OSV
added 2022/12/30 12:30 p.m., 11 views

GHSA-HHXG-PX5H-JC32 Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the pat...

CVSS 7.5, AI score 7.4, EPSS 0.0016
Exploits 0, References 7
Github Security Blog
added 2022/05/24 10:00 p.m., 29 views

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

CVSS 5.4, AI score 2.2, EPSS 0.82266
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2022/05/14 2:08 a.m., 13 views

phpMyAdmin vulnerable to Cross-site Scripting

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI...

CVSS 6.1, AI score 6.9, EPSS 0.00459
Exploits 0, References 11, Affected Software 1
CNVD
added 2022/05/07 12:00 a.m., 27 views

NanoHTTPD Information Disclosure Vulnerability

NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...

CVSS 5.5, AI score 6.1, EPSS 0.0005
Exploits 0, References 1
OSV
added 2022/05/01 4:15 p.m., 17 views

CVE-2022-21230

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to ...

CVSS 5.5, AI score 6.6
Exploits 0, References 4
Prion
added 2022/05/01 4:15 p.m., 14 views

Directory traversal

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to ...

CVSS 2.1, AI score 5.4, EPSS 0.0005
Exploits 0, References 4, Affected Software 1
Cvelist
added 2022/05/01 3:20 p.m., 13 views

CVE-2022-21230 Information Exposure

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to ...

CVSS 5.5, AI score 5.7, EPSS 0.0005
Exploits 0, References 4
CVE
added 2022/05/01 3:20 p.m., 108 views

CVE-2022-21230

CVE-2022-21230 affects all versions of the org.nanohttpd:nanohttpd package. During HTTP request body parsing, the body larger than 1024 bytes is written to a RandomAccessFile with insecure permissions, allowing other users on the host to view its contents (information disclosure). The issue is ro...

CVSS 5.5, AI score 5.3, EPSS 0.0005
Exploits 0, References 4, Affected Software 1
OSV
added 2022/02/09 11:06 p.m., 0 views

GHSA-Q42Q-523G-3FWV Cross-Site Request Forgery

This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 8.8, AI score 7.2, EPSS 0.00365
Exploits 0, References 7
vulnersOsv
added 2022/02/09 11:06 p.m., 4 views

com.codacy:codacy-seed-client-akka-http_2.11 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.11 (>=0.2.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.11 (>=0.2.0 <=0.5.10)

com.softwaremill.akka-http-session:core2.11 MAVEN version =0.2.0, =1.1.0-master.51.7b7549cakka25Circe08, =0.2.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: OSV:GHSA-Q42Q-523G-3FWV...

CVSS 8.8, AI score 7.2, EPSS 0.00365
Exploits 0
Github Security Blog
added 2022/02/09 11:06 p.m., 33 views

Cross-Site Request Forgery

This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 8.8, AI score 8.4, EPSS 0.00365
Exploits 0, References 8, Affected Software 3
vulnersOsv
added 2022/02/09 11:06 p.m., 1 view

com.softwaremill.akka-http-session:jwt_2.13 (=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.13 (=0.5.10)

com.softwaremill.akka-http-session:core2.13 MAVEN version =0.5.10 is affected by a known vulnerability. The following packages have a transitive dependency on com.softwaremill.akka-http-session:core2.13 and may be impacted: - com.softwaremill.akka-http-session:jwt2.13 =0.5.10 Source cves:...

CVSS 8.8, AI score 7.2, EPSS 0.00365
Exploits 0
vulnersOsv
added 2022/02/09 11:06 p.m., 1 view

com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.12 (>=0.3.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.5.10)

com.softwaremill.akka-http-session:core2.12 MAVEN version =0.3.0, =1.1.0-master.51.7b7549cakka25Circe08, =0.3.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: OSV:GHSA-Q42Q-523G-3FWV...

CVSS 8.8, AI score 7.2, EPSS 0.00365
Exploits 0
vulnersOsv
added 2022/01/06 8:23 p.m., 1 view

com.boxframework:box-server_2.12 (>=1.2.22 <=1.2.23), com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08) +1 more potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.6.0)

com.softwaremill.akka-http-session:core2.12 MAVEN version =0.3.0, =1.2.22, =1.1.0-master.51.7b7549cakka25Circe08, =0.3.0, =0.6.0 Source cves: CVE-2020-28452 Source advisory: OSV:GHSA-4JF5-JGGP-G56J...

CVSS 8.8, AI score 7.2, EPSS 0.00217
Exploits 0
Github Security Blog
added 2022/01/06 8:23 p.m., 21 views

Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12

This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...

CVSS 8.8, AI score 8.4, EPSS 0.00217
Exploits 0, References 8, Affected Software 1
OSV
added 2022/01/06 8:23 p.m., 1 view

GHSA-4JF5-JGGP-G56J Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12

This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...

CVSS 8.8, AI score 7.2, EPSS 0.00217
Exploits 0, References 7
NVD
added 2021/12/10 1:15 p.m., 10 views

CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 7.5, EPSS 0.00187
Exploits 0, References 2
Prion
added 2021/12/10 1:15 p.m., 13 views

Session fixation

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 5, AI score 7.4, EPSS 0.00187
Exploits 0, References 2, Affected Software 6
Cvelist
added 2021/12/10 12:47 p.m., 11 views

CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

AI score 7.7, EPSS 0.00187
Exploits 0, References 2
Tenable Nessus
added 2021/05/06 12:00 a.m., 52 views

Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4938-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4938-1 advisory. It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of...

CVSS 9.8, AI score 7.7, EPSS 0.01026
Exploits 0, References 14