47 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4: A memory leak has been fixed in nfs4_set_security_label. We encounter a memory leak whenever we set a security xattr, which involves accessing nfs_fattr and nfs4_label...
CVE-2026-32635
A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example, href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for...
EUVD-2021-12898
Malware in sbrugna...
Incorrect Authorization
Overview: api-platform/core builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configure...
IBM Security Directory Integrator and IBM Security Verify Directory Integrator security vulnerability
IBM Security Directory Integrator and IBM Security Verify Directory Integrator are both products of International Business Machines (IBM). IBM Security Directory Integrator is an integrated development environment and runtime service. IBM Security Verify Directory Integrator is software for...
DEBIAN-CVE-2024-41076
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label. We leak nfs_fattr and nfs4_label every time we set a security xattr...
IBM Datacap Navigator Information Disclosure Vulnerability (CNVD-2024-33370)
IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Datacap Navigator that stems from not setting a security attribute on an authorization token or session cookie, which can be exploited by an attacker t...
IBM Sterling Secure Proxy Information Disclosure Vulnerability
IBM Sterling Secure Proxy is an application proxy from International Business Machines (IBM) that is used to ensure the secure transfer of files in an organization's unprotected zone (DMZ). An information disclosure vulnerability exists in IBM Sterling Secure Proxy that stems from not setting a...
CVE-2023-42016 IBM Sterling B2B Integrator information disclosure
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the...
Authorization
IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...
CVE-2023-38363 IBM CICS TX information disclosure
IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
iCMS security vulnerability
iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS versions prior to 2.16.1, which arises from a sensitive cookie in an HTTPS session that does not have a security attribute...
Authorization
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...
Code injection
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...
Authentication flaw
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...
Fixed in Apache Tomcat 8.5.86
Important: Apache Tomcat information disclosure (CVE-2023-28708). When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Tomcat did not include the secure attribute. This could result in th...
Fixed in Apache Tomcat 9.0.72
Important: Apache Tomcat information disclosure (CVE-2023-28708). When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Tomcat did not include the secure attribute. This could result in th...
Cookie without “Secure” and “HttpOnly” flag attribute
Description: HttpOnly and Secure attributes are not set for session cookies in the application. Proof of Concept: https://drive.google.com/file/d/1ZAanmAbOn-jSf6ZMS5JIQKUzJ78fUrea/view?usp=sharing...