
7622 matches found

IBM Security Bulletins
added 2025/04/02 10:14 p.m. · 10 views

Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting

Summary: IBM Content Navigator has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2024-56341 DESCRIPTION: IBM Content Navigator is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...

5.4 CVSS · 6.4 AI score · 0.00196 EPSS
Exploits: 0 · Affected Software: 1
Citrix
added 2025/04/02 12:0 a.m. · 5 views

Session Recording 2402 - Sessions not getting recorded even though Session Recording is enabled

When users logged on, they did not see the Session Recording notification, and the sessions were not recorded. We can see some 0KB files on the server side. Session Recording policy was set to record sessions for all users with notification. Session Recording Agent was configured to...

7.1 AI score
Exploits: 0
Positive Technologies
added 2025/03/31 12:0 a.m. · 3 views

PT-2025-13932 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.5; macOS Sequoia versions prior to 15.4; macOS Sonoma versions prior to 14.7.5. Description: The issue allows a malicious app acting as an HTTPS proxy to access sensitive user data. This is achieved through inadequate...

9.8 CVSS · 6 AI score · 0.00168 EPSS
Exploits: 0 · References: 7
IBM Security Bulletins
added 2025/03/26 2:16 a.m. · 41 views

Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Summary: The BAYEUXBROWSER cookie is generated by the Cometd server and remains live with the session. In older versions of the Cometd server, the BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version, i.e. 5.0.3, there is a provision to make the cookie true for https and...

5.3 CVSS · 4.1 AI score · 0.00172 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2025/03/26 2:2 a.m. · 58 views

Security Bulletin: This Power System update is being released to address CVE 2021-29891

Summary: POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-29891. Vulnerability Details: CVEID: CVE-2021-29891 DESCRIPTION: IBM OPENBMC could allow a privileged...

4.9 CVSS · 5.2 AI score · 0.00127 EPSS
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/03/20 3:44 p.m. · 7 views

CVE-2024-44276

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information...

7.3 CVSS · 5.6 AI score · 0.00062 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/20 10:10 a.m. · 4 views

CVE-2024-10718 Cookie without Secure attribute in phpipam/phpipam

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0...

5.3 CVSS · 5.1 AI score · 0.00075 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/03/20 12:0 a.m. · 2 views

phpIPAM Security Vulnerability

phpIPAM is an open source IP address management (IPAM) application based on PHP and MySQL. A security vulnerability exists in phpIPAM version 1.5.1, which stems from an unset Secure attribute for sensitive cookies in an HTTPS session, which could result in a user agent...

7.5 CVSS · 5.4 AI score · 0.00075 EPSS
Exploits: 1 · References: 2
OSV
added 2025/03/17 8:16 p.m. · 9 views

RLSA-2025:1670 Important: bind9.18 security update

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

7.5 CVSS · 7.7 AI score · 0.05622 EPSS
Exploits: 0 · References: 3
OSV
added 2025/03/17 8:15 p.m. · 1 view

CVE-2024-44276

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information...

7.3 CVSS · 5.8 AI score
Exploits: 0 · References: 1
NVD
added 2025/03/17 8:15 p.m. · 10 views

CVE-2024-44276

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information...

7.3 CVSS · 0.00062 EPSS
Exploits: 0 · References: 1
CVE
added 2025/03/17 7:38 p.m. · 73 views

CVE-2024-44276

CVE-2024-44276 affects Apple's Passwords feature in iOS/iPadOS. A privileged network position could leak sensitive information due to sending information over HTTP instead of HTTPS. The issue is fixed in iOS 18.2 and iPadOS 18.2. Root cause: unencrypted network requests (logos/icons and password-...

7.3 CVSS · 5.6 AI score · 0.00062 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
Cvelist
added 2025/03/17 7:38 p.m. · 15 views

CVE-2024-44276

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information...

0.00062 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/17 7:38 p.m. · 7 views

CVE-2024-44276

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information...

6.2 AI score · 0.00062 EPSS
Exploits: 0 · References: 1
OSV
added 2025/03/14 4:15 p.m. · 1 view

CVE-2023-48785

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F...

4.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1
CNNVD
added 2025/03/14 12:0 a.m. · 1 view

Fortinet FortiNAC-F Trust Management Issue Vulnerability

Fortinet FortiNAC-F is a network access control solution from the American company Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC-F suffers from a trust management issue vulnerability that stems from improper certificate validation, which...

4.8 CVSS · 6.6 AI score · 0.00096 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/03/12 8:15 p.m. · 6 views

CVE-2025-24387

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue...

6.5 CVSS · 6.8 AI score · 0.00081 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2025/03/11 2:54 p.m. · 88 views

CVE-2024-45324

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0...

7.2 CVSS · 7.1 AI score · 0.00219 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/03/11 2:54 p.m. · 6 views

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

5.6 CVSS · 0.00117 EPSS
Exploits: 0 · References: 1
SUSE CVE
added 2025/03/11 3:47 a.m. · 1 view

SUSE CVE-2025-24387

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue...

6.5 CVSS · 6.8 AI score · 0.00081 EPSS
Exploits: 0 · References: 3