499 matches found
SUSE-SU-2019:2798-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. bsc1149955 - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. bsc1141853...
The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s entity Tra: The “medicare supply” issue, related to the absence of the defined attribute HTTPOnly, allows a hacker to gain access to the content of cookies files.
The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s Tra: platform is related to the absence of the defined attribute HTTPOnly. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to cookie...
Design/Logic Flaw
http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...
Fedora 30 : glpi (2019-e50f92e4c1)
Version 9.4.1.1 Non exhaustive list of changes : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was n...
Drupal 7.x < 7.66 / 8.5.x < 8.5.15 / 8.6.x < 8.6.15 Multiple Vulnerabilities (drupal-2019-04-17)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.66, 8.5.x prior to 8.5.15, or 8.6.x prior to 8.6.15. It is, therefore, affected by multiple vulnerabilities. - The jQuery project released version 3.4.0, and as part of that, disclose...
Fedora 29 : glpi (2019-a66789a334)
Add security fix backported from 9.4 : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was not reset...
CVE-2018-5482
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...
CVE-2018-5481
OnCommand Unified Manager for 7-Mode core package prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle MITM attacks...
IBM BigFix Platform 9.2.x < 9.2.15 / 9.5.x < 9.5.10 Multiple Vulnerabilities
According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.2.x prior to 9.2.15, or 9.5.x prior to 9.5.10. It is, therefore, affected by multiple vulnerabilities : - IBM BigFix Platform is vulnerable to HTTP response splitting attacks, caused by...
Here's How Hackers Could Have Spied On Your DJI Drone Account
Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos tak...
IBM Security Access Manager for Enterprise Single Sign-On Information Disclosure Vulnerability
IBM Security Access Manager for Enterprise Single Sign-On ISAM ESSO is a suite of identity and access management software from IBM in the United States that provides single sign-on. A security vulnerability exists in IBM ISAM ESSO version 8.2.2 that stems from the program's failure to set securit...
CVE-2017-1732
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be...
CVE-2017-1732
CVE-2017-1732 affects IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2.2, where authorization tokens or session cookies are not marked as Secure. This enables potential disclosure of cookie values if a user clicks an http link or visits a page containing such a link, allo...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release ...
CVE-2017-2589
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...
CVE-2018-5114
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...
Design/Logic Flaw
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...
Roblox: Subdomain Takeover to Authentication bypass
Vulnerability Type: ----------- Subdomain Takeover Description: ----------- Due to unclaimed or expired Hubspot instance an attacker is able to claim and serve content from devrel.roblox.com and perform different kind of attacks which i shared in impact section. Affected Area: -----------...
The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform allows a malicious actor to reuse the session identifier of an authenticated user.
The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform stems from the lack of setting the HTTPOnly or Secure attributes for cookie files. Exploiting this vulnerability allows a malicious actor to repeatedly use the authenticated user’s session identifier remotely...
CVE-2017-14053
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...