Lucene search
+L

499 matches found

osv
osv
added 2019/10/28 3:57 p.m.11 views

SUSE-SU-2019:2798-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. bsc1149955 - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. bsc1141853...

7.5CVSS6.4AI score0.05366EPSS
Exploits1References5
bdu_fstec
bdu_fstec
added 2019/09/10 12:0 a.m.4 views

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s entity Tra: The “medicare supply” issue, related to the absence of the defined attribute HTTPOnly, allows a hacker to gain access to the content of cookies files.

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s Tra: platform is related to the absence of the defined attribute HTTPOnly. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to cookie...

7.5CVSS5.5AI score
Exploits0Affected Software1
prion
prion
added 2019/07/13 9:15 p.m.51 views

Design/Logic Flaw

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5CVSS7AI score0.0388EPSS
Exploits1References18Affected Software1
nessus
nessus
added 2019/05/02 12:0 a.m.13 views

Fedora 30 : glpi (2019-e50f92e4c1)

Version 9.4.1.1 Non exhaustive list of changes : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was n...

5.5AI score
Exploits0References3
nessus
nessus
added 2019/04/19 12:0 a.m.62 views

Drupal 7.x < 7.66 / 8.5.x < 8.5.15 / 8.6.x < 8.6.15 Multiple Vulnerabilities (drupal-2019-04-17)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.66, 8.5.x prior to 8.5.15, or 8.6.x prior to 8.6.15. It is, therefore, affected by multiple vulnerabilities. - The jQuery project released version 3.4.0, and as part of that, disclose...

9.8CVSS7.9AI score0.0595EPSS
Exploits1References13
nessus
nessus
added 2019/04/08 12:0 a.m.12 views

Fedora 29 : glpi (2019-a66789a334)

Add security fix backported from 9.4 : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was not reset...

5.5AI score
Exploits0References1
osv
osv
added 2019/03/04 11:29 p.m.8 views

CVE-2018-5482

NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...

5.3CVSS5.8AI score0.00926EPSS
Exploits0References2
osv
osv
added 2019/01/07 2:29 p.m.4 views

CVE-2018-5481

OnCommand Unified Manager for 7-Mode core package prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle MITM attacks...

7.4CVSS5.8AI score0.00648EPSS
Exploits0References1
nessus
nessus
added 2018/12/21 12:0 a.m.492 views

IBM BigFix Platform 9.2.x < 9.2.15 / 9.5.x < 9.5.10 Multiple Vulnerabilities

According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.2.x prior to 9.2.15, or 9.5.x prior to 9.5.10. It is, therefore, affected by multiple vulnerabilities : - IBM BigFix Platform is vulnerable to HTTP response splitting attacks, caused by...

7.5CVSS6.5AI score0.19295EPSS
Exploits0References9
thn
thn
added 2018/11/08 6:47 p.m.4 views

Here's How Hackers Could Have Spied On Your DJI Drone Account

Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos tak...

6AI score
Exploits0
cnvd
cnvd
added 2018/08/21 12:0 a.m.5 views

IBM Security Access Manager for Enterprise Single Sign-On Information Disclosure Vulnerability

IBM Security Access Manager for Enterprise Single Sign-On ISAM ESSO is a suite of identity and access management software from IBM in the United States that provides single sign-on. A security vulnerability exists in IBM ISAM ESSO version 8.2.2 that stems from the program's failure to set securit...

5.3CVSS5.2AI score0.0133EPSS
Exploits0References1
osv
osv
added 2018/08/17 4:29 p.m.6 views

CVE-2017-1732

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be...

5.3CVSS5.6AI score0.0133EPSS
Exploits0References2
cve
cve
added 2018/08/17 4:0 p.m.41 views

CVE-2017-1732

CVE-2017-1732 affects IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2.2, where authorization tokens or session cookies are not marked as Secure. This enables potential disclosure of cookie values if a user clicks an http link or visits a page containing such a link, allo...

5.3CVSS4.8AI score0.0133EPSS
Exploits0References2Affected Software1
ibm
ibm
added 2018/08/01 9:1 p.m.52 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release ...

9.8CVSS0.6AI score0.88944EPSS
Exploits32Affected Software1
cvelist
cvelist
added 2018/07/26 3:0 p.m.28 views

CVE-2017-2589

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...

8.7CVSS9AI score0.00926EPSS
Exploits0References2
nvd
nvd
added 2018/06/11 9:29 p.m.18 views

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

5.3CVSS4.9AI score0.01578EPSS
Exploits0References5
prion
prion
added 2018/06/11 9:29 p.m.15 views

Design/Logic Flaw

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

5CVSS6.2AI score0.01578EPSS
Exploits0References5Affected Software2
hackerone
hackerone
added 2018/04/09 11:7 p.m.67 views

Roblox: Subdomain Takeover to Authentication bypass

Vulnerability Type: ----------- Subdomain Takeover Description: ----------- Due to unclaimed or expired Hubspot instance an attacker is able to claim and serve content from devrel.roblox.com and perform different kind of attacks which i shared in impact section. Affected Area: -----------...

6.9AI score
Exploits0
bdu_fstec
bdu_fstec
added 2017/11/03 12:0 a.m.5 views

The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform allows a malicious actor to reuse the session identifier of an authenticated user.

The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform stems from the lack of setting the HTTPOnly or Secure attributes for cookie files. Exploiting this vulnerability allows a malicious actor to repeatedly use the authenticated user’s session identifier remotely...

7.5CVSS7.4AI score0.02204EPSS
Exploits0References2
osv
osv
added 2017/09/01 9:29 p.m.3 views

CVE-2017-14053

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

7.5CVSS5.8AI score0.01845EPSS
Exploits0References1
Rows per page
Query Builder