
80 matches found

BDU FSTEC
added 2024/08/01 12:0 a.m. · 2 views

The vulnerability in the web client of IBM Datacap Navigator software for document collection and processing involves the absence of a “Secure” flag in session cookies. This allows an attacker to gain unauthorized access to protected information.

The vulnerability of the IBM Datacap Navigator web client software for document collection and processing lies in the absence of a “Secure” flag in the session cookies. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by intercepting the...

CVSS 5 · AI score 5.5 · EPSS 0.00233
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/07/05 12:0 a.m. · 4 views

The vulnerability of the software for monitoring and analyzing network traffic in industrial networks, SINEC Traffic Analyzer, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the SINEC Traffic Analyzer software for monitoring and analyzing network traffic in industrial networks stems from the absence of the "Secure", "HttpOnly", or "SameSite" flags in session cookie files. Exploiting this vulnerability can allow an unauthorized attacker to gain...

CVSS 6.8 · AI score 7.2 · EPSS 0.00216
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/06/07 12:0 a.m. · 3 views

Netgear WNR614 security vulnerability

The Netgear WNR614 is an N300 wireless router with external antenna from Netgear USA. The Netgear WNR614 suffers from a security vulnerability that stems from not properly setting the HTTPOnly flag of a cookie, which can be exploited by an attacker to intercept and access sensitive communications...

CVSS 5.9 · AI score 6.7 · EPSS 0.0027
Exploits 1 · References 2

BDU FSTEC
added 2024/04/30 12:0 a.m. · 3 views

The vulnerability of the Hitachi Ops Center Analyzer software for data analysis and processing lies in the absence of a “Secure” flag in the HTTPS session cookies. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Hitachi Ops Center Analyzer software-related data analysis and processing programs lies in the absence of the “Secure” flag in the HTTPS session cookies. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...

CVSS 7.8 · AI score 5.5 · EPSS 0.00313
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/11/15 12:0 a.m. · 4 views

The vulnerability of Moxa PT-G503 Ethernet switches’ microprogramming software lies in the absence of a “secure” flag in session cookies, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Moxa PT-G503 Ethernet switches’ microprogramming software is related to the absence of a “secure” flag in the session cookie files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 3.1 · AI score 5.9 · EPSS 0.00211
Exploits 0 · References 3 · Affected Software 1

SUSE CVE
added 2023/02/15 5:52 a.m. · 3 views

SUSE CVE-2011-2224

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...

CVSS 4.3 · AI score 6 · EPSS 0.01163
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:33 a.m. · 3 views

SUSE CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 4.3 · AI score 6.8 · EPSS 0.02183
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:11 a.m. · 3 views

SUSE CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVSS 6.5 · AI score 6.9 · EPSS 0.0162
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:24 a.m. · 1 views

SUSE CVE-2018-15869

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

CVSS 8.6 · AI score 7 · EPSS 0.01801
Exploits 0 · References 5

OSV
added 2022/12/30 12:15 p.m. · 2 views

UBUNTU-CVE-2018-25060

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...

CVSS 7.5 · AI score 4.4 · EPSS 0.00515
Exploits 0 · References 3

RedHat Linux
added 2022/11/15 11:55 a.m. · 0 views

kernel: missing DM_TARGET_IMMUTABLE feature flag in verity_target in drivers/md/dm-verity-target.c

A flaw was found in the Linux kernel, where it is possible to modify read-only files due to a missing permission check. This flaw can lead to local privilege escalation...

CVSS 6.7 · AI score 6.5 · EPSS 0.00485
Exploits 0 · References 4

Vulnrichment
added 2022/08/22 6:28 p.m. · 4 views

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

CVSS 7.5 · AI score 7.2 · EPSS 0.01983
Exploits 0 · References 2

CNNVD
added 2022/08/16 12:0 a.m. · 2 views

WWBN AVideo security vulnerability

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from a missing HttpOnly flag in the session cookie and pass cookie, which can disclose sensitive information...

CVSS 7.5 · AI score 7.5 · EPSS 0.01983
Exploits 0 · References 4

ATTACKERKB
added 2022/07/22 3:15 p.m. · 2 views

CVE-2022-1655

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...

CVSS 6.5 · AI score 6.6 · EPSS 0.00454
Exploits 0 · References 2

OSV
added 2022/06/14 10:15 a.m. · 1 views

CVE-2021-40650

In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the secure flag set...

CVSS 6.5 · AI score 5.8 · EPSS 0.0073
Exploits 1 · References 2

BDU FSTEC
added 2022/05/31 12:0 a.m. · 3 views

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 unit stations involves the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookie files. This allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules is related to the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookies files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

CVSS 7.8 · AI score 6.5 · EPSS 0.00537
Exploits 0 · References 3 · Affected Software 4

Positive Technologies
added 2022/05/10 12:0 a.m. · 4 views

PT-2022-2718 · Siemens · Desigo Pxc4 +3

Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22; Desigo PXC3 versions prior to V01.21.142.4-18; Desigo PXC4 versions prior to V02.20.142.10-10884; Desigo PXC5 versions prior to V02.20.142.10-10884. Description: The issue is related to the applicati...

CVSS 7.8 · AI score 6.4 · EPSS 0.00537
Exploits 0 · References 4

CNNVD
added 2021/11/10 12:0 a.m. · 2 views

IBM Security SiteProtector System information disclosure vulnerability

The IBM Security SiteProtector System is a centralized management system from IBM USA, Inc. It is used for unified management and analysis of network, server and desktop endpoint security agents and small networks or devices. A security vulnerability exists in the IBM SiteProtector Appliance that...

CVSS 5.3 · AI score 5.7 · EPSS 0.01075
Exploits 0 · References 3

OSV
added 2021/07/07 5:15 p.m. · 2 views

CVE-2021-20416

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVSS 5.3 · AI score 6.2
Exploits 0 · References 2

RedHat Linux
added 2021/04/14 3:56 p.m. · 2 views

openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled, allowing a confirmation step that verifies that certificates in the chain are valid CA certificates to be bypassed. The highest threat from this vulnerability is t...

CVSS 7.4 · AI score 7.1 · EPSS 0.18339
Exploits 1 · References 5