CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
CVE-2026-32745
JetBrains Datalore is affected prior to version 2026.1. The vulnerability arises from missing the Secure attribute on cookie settings, enabling session hijacking. No exploit details are provided in the documents. Affected product: JetBrains Datalore; root cause: cookie security attribute misconfi...
EUVD-2017-10244
Malware in sbrugna...
EUVD-2021-27114
Malware in sbrugna...
CVE-2024-44575
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...
tomcat: not including the secure attribute causes information disclosure
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...
CVE-2023-5035
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...
usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking...
PT-2022-7817 · Red Hat · Openshift Origin
Name of the Vulnerable Software and Affected Versions: Openshift Origin version 3. Description: The issue is related to insecure cookies being set in the console of Openshift Origin. Specifically, the cookies lack 'secure' and 'HttpOnly' attributes. Recommendations: For Openshift Origin version 3,...
Information disclosure
IBM Tivoli Endpoint Manager IBM BigFix Platform 9.2 and 9.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...
Multiple networking devices fail to set the "Secure" attribute of a cookie
Overview: Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description: Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...