Moderate: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...

CVE-2020-36914

CVE-2020-36914 affects QiHang Media Web Digital Signage 3.0.9. The issue is a sensitive information disclosure where authentication credentials can be intercepted because cookies are transmitted in cleartext, enabling potential MITM attackers to capture stored credentials. The sources consistentl...

EUVD-2002-1139

Malware in sbrugna...

EUVD-2021-15511

Malware in sbrugna...

EUVD-2015-3788

Malware in sbrugna...

EUVD-2020-7756

Malware in sbrugna...

EUVD-2013-7200

Malware in sbrugna...

CVE-2021-42699

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account...

SUSE CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

Code injection

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

TP-Link TL-WPA4220 Information Disclosure Vulnerability (CNVD-2021-43409)

Tp-link TP-Link TL-WPA4220 is a home wireless WiFi bridge that extends wireless signals from China's Tp-link. The device can transmit data at high speed over the line to extend the network to areas that are currently not covered. An information disclosure vulnerability exists in the TP-Link...

Default credentials

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie...

CVE-2018-5482

NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...

Cross site request forgery (csrf)

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

CVE-2015-3752

The CVE-2015-3752 issue affects WebKit’s Content Security Policy handling in Safari (and underlying WebKit in iOS) prior to specific updates. The root cause is improper restriction of cookie transmission for CSP report requests, enabling potential leakage of cookies via cross-origin requests or p...

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

UBUNTU-CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2006-6258

The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...