
7691 matches found

NVD
added 2021/10/21 6:15 p.m. | 12 views

CVE-2021-35227

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available...

CVSS 7.8 | EPSS 0.0046
Exploits: 0 | References: 2

Prion
added 2021/10/21 6:15 p.m. | 12 views

Design/Logic Flaw

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available...

CVSS 4.6 | AI score 7.5 | EPSS 0.0046
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/10/21 5:41 p.m. | 49 views

CVE-2021-35227

CVE-2021-35227 affects SolarWinds ARM with RabbitMQ Plugin on version 2020.2.6, where the HTTP interface was enabled and HTTPS configuration was unavailable. The issue arises from exposing an HTTP management interface without HTTPS configuration. CVSS data in sources show a high impact (CVSS3.1 b...

CVSS 7.8 | AI score 5.9 | EPSS 0.0046
Exploits: 0 | References: 2 | Affected Software: 1

ArchLinux
added 2021/10/21 12:00 a.m. | 65 views

[ASA-202110-6] nodejs-lts-erbium: multiple issues

Arch Linux Security Advisory ASA-202110-6 ========================================= Severity: High Date : 2021-10-21 CVE-ID : CVE-2021-22939 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960 Package : nodejs-lts-erbium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2285...

CVSS 7.5 | AI score 1.1 | EPSS 0.1473
Exploits: 3 | References: 24

RedHat Linux
added 2021/10/20 3:36 p.m. | 4 views

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

CVSS 5.3 | AI score 6.8 | EPSS 0.06886
Exploits: 0 | References: 4

RedHat Linux
added 2021/10/20 1:59 p.m. | 3 views

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

CVSS 5.3 | AI score 6.8 | EPSS 0.06886
Exploits: 0 | References: 4

RedHat Linux
added 2021/10/20 1:47 p.m. | 7 views

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

CVSS 5.3 | AI score 6.8 | EPSS 0.06886
Exploits: 0 | References: 4

Cvelist
added 2021/10/20 10:51 a.m. | 16 views

CVE-2021-35666

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OSSL Module. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful...

CVSS 5.9 | AI score 6 | EPSS 0.01204
Exploits: 0 | References: 1

Vulnrichment
added 2021/10/20 10:51 a.m. | 13 views

CVE-2021-35666

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OSSL Module. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful...

CVSS 5.9 | AI score 6.2 | EPSS 0.01204
Exploits: 0 | References: 1

Tenable Nessus
added 2021/10/19 12:00 a.m. | 143 views

Node.js Multiple Vulnerabilities (August 2021 Security Releases)

The version of Node.js installed on the remote host is prior to 12.22.5 or 14.17.5 or 16.6.2. It is, therefore, affected by multiple vulnerabilities including the following: - A remote command execution vulnerability exists in Node.js due to insufficient validation of untypical characters in doma...

CVSS 9.8 | AI score 7.7 | EPSS 0.21952
Exploits: 2 | References: 4

Huntr
added 2021/10/18 5:18 a.m. | 7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in tsolucio/corebos

Description Session cookie is not marked with 'Secure' Proof of Concept Login to demo page http://demo.corebos.com/index.php?action=index&module=Home Open Firefox developer option - storage - check secure option...

AI score 0.2
Exploits: 0 | References: 1

Huntr
added 2021/10/16 6:16 p.m. | 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq

✍️ Description The secure flag is not set for session cookie in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie...

AI score 0.4
Exploits: 0

Huntr
added 2021/10/15 4:28 a.m. | 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in craigk5n/webcalendar

Description Session cookie is not marked with 'Secure' Proof of Concept Login to demo page http://webcalendar.sourceforge.net/demo/ Open Firefox developer option - storage - check secure option...

AI score 0.2
Exploits: 0 | References: 1

Huntr
added 2021/10/14 7:12 p.m. | 5 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in frontaccountingerp/fa

✍️ Description The secure flag is not set for session cookie "PHPSESSID" in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing...

AI score 0.4
Exploits: 0

UbuntuCve
added 2021/10/14 9:15 a.m. | 30 views

CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

CVSS 6.8 | AI score 6.3 | EPSS 0.00941
Exploits: 1 | References: 7

Cvelist
added 2021/10/14 8:20 a.m. | 16 views

CVE-2021-3882 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

CVSS 5.9 | AI score 7 | EPSS 0.00941
Exploits: 1 | References: 3

Debian CVE
added 2021/10/14 8:20 a.m. | 20 views

CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

CVSS 6.8 | AI score 6 | EPSS 0.00941
Exploits: 1

CVE
added 2021/10/14 8:20 a.m. | 65 views

CVE-2021-3882

LedgerSMB CVE-2021-3882 concerns the Secure attribute on the session authorization cookie. The vulnerability arises when LedgerSMB servers behind a reverse proxy respond to unencrypted HTTP; an attacker who can observe traffic and trick a user into using HTTP could obtain the authentication cooki...

CVSS 6.8 | AI score 6.3 | EPSS 0.00941
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2021/10/13 5:06 p.m. | 40 views

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL. Mitigation Enable HTTP2 enable-http2="true" in the undertows HTTPS settings...

CVSS 7.5 | AI score 0.9 | EPSS 0.0212
Exploits: 0 | References: 3

Huntr
added 2021/10/11 8:35 p.m. | 16 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in siwapp/siwapp

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1IOglL2LBh8CnvJUI0tRJw2wCJ8ugnws/view Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits: 0 | References: 1