CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7607 matches found

Cvelist•added 2011/08/09 10:0 p.m.•18 views

CVE-2011-3014

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation...

6.1AI score0.00275EPSS

Exploits0References2

NVD•added 2011/08/09 7:55 p.m.•17 views

CVE-2008-7297

Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS includeSubDomains featur...

5.8CVSS6.4AI score0.00435EPSS

Exploits0References5

NVD•added 2011/08/09 7:55 p.m.•22 views

CVE-2008-7298

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.5AI score0.00228EPSS

Exploits0References5

NVD•added 2011/08/09 7:55 p.m.•18 views

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.2AI score0.00315EPSS

Exploits0References6

NVD•added 2011/08/09 7:55 p.m.•11 views

CVE-2008-7295

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.4AI score0.17828EPSS

Exploits0References5

NVD•added 2011/08/09 7:55 p.m.•17 views

CVE-2008-7293

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.4AI score0.0059EPSS

Exploits0References6

UbuntuCve•added 2011/08/09 7:55 p.m.•28 views

CVE-2008-7293

5.8CVSS7.3AI score0.0059EPSS

Exploits0References4

Prion•added 2011/08/09 7:55 p.m.•20 views

Design/Logic Flaw

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS includeSubDomains...

5.8CVSS6.5AI score0.00435EPSS

Exploits0References5

Prion•added 2011/08/09 7:55 p.m.•11 views

Design/Logic Flaw

5.8CVSS6.9AI score0.17828EPSS

Exploits0References5

Prion•added 2011/08/09 7:55 p.m.•20 views

Design/Logic Flaw

5.8CVSS6.6AI score0.00315EPSS

Exploits0References6Affected Software1

Prion•added 2011/08/09 7:55 p.m.•15 views

Design/Logic Flaw

5.8CVSS7AI score0.00228EPSS

Exploits0References5

Prion•added 2011/08/09 7:55 p.m.•27 views

Design/Logic Flaw

5.8CVSS6.9AI score0.00435EPSS

Exploits0References5

UbuntuCve•added 2011/08/09 7:55 p.m.•23 views

CVE-2008-7294

5.8CVSS6AI score0.00315EPSS

Exploits0References4

Prion•added 2011/08/09 7:55 p.m.•20 views

Design/Logic Flaw

5.8CVSS7AI score0.0059EPSS

Exploits0References6Affected Software1

CVE•added 2011/08/09 7:0 p.m.•63 views

CVE-2008-7293

Mozilla Firefox vulnerability CVE-2008-7293 affects Firefox versions before 4. The issue allows MITM attackers to overwrite or delete cookies via a Set-Cookie header in HTTP responses because HTTPS session cookies are not properly restricted, tied to the absence of the HSTS includeSubDomains feat...

5.8CVSS6.6AI score0.0059EPSS

Exploits0References6Affected Software1

CVE•added 2011/08/09 7:0 p.m.•93 views

CVE-2008-7294

CVE-2008-7294 affects Google Chrome prior to 4.0.211.0. The issue allows a man-in-the-middle to modify cookies established over HTTPS by injecting or removing cookies via a Set-Cookie header in an HTTP response, related to the absence of HSTS includeSubDomains. Impact is limited to cookie integri...

5.8CVSS6.2AI score0.00315EPSS

Exploits0References6Affected Software1

Cvelist•added 2011/08/09 7:0 p.m.•23 views

CVE-2008-7293

6.4AI score0.0059EPSS

Exploits0References6

CVE•added 2011/08/09 7:0 p.m.•94 views

CVE-2008-7298

The CVE-2008-7298 entry concerns the Android browser. It describes a vulnerability where the browser cannot properly restrict modifications to cookies established during HTTPS sessions, enabling a man-in-the-middle to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP respon...

5.8CVSS6.6AI score0.00228EPSS

Exploits0References5Affected Software2

CVE•added 2011/08/09 7:0 p.m.•78 views

CVE-2008-7295

CVE-2008-7295 : Affects Microsoft Internet Explorer by failing to properly restrict modifications to cookies set over HTTPS, allowing a man-in-the-middle attacker to overwrite or delete cookies via a Set-Cookie header in an HTTP response. Root cause cited as lack of HTTP Strict Transport Security...

5.8CVSS6.6AI score0.17828EPSS

Exploits0References5Affected Software1

Cvelist•added 2011/08/09 7:0 p.m.•18 views

CVE-2008-7295

6.4AI score0.17828EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by