73 matches found
CVE-2024-35211
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes such as “Secure”, “HttpOnly”, or “SameSite”...
CVE-2024-35211
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes such as “Secure”, “HttpOnly”, or “SameSite”...
CVE-2024-35211
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes such as “Secure”, “HttpOnly”, or “SameSite”...
CVE-2024-35211
The CVE-2024-35211 issue affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0), all versions prior to V1.2. The underlying flaw is that the web server sets session cookies after login without security attributes (no Secure, HttpOnly, or SameSite), exposing potentially sensitive session data...
Siemens SINEC Traffic Analyzer 安全漏洞
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. A logic flaw vulnerability exists in Siemens SINEC Traffic Analyzer,...
IBM Cognos Controller Information Disclosure Vulnerability (CNVD-2024-23286)
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. An information disclosure vulnerability exists in IBM...
Fedora 38 : fwupd (2023-48c43df788)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-48c43df788 advisory. This release adds the following features: Add a launchd agent for macOS Add a new security attribute for BIOS capsule updates to be enabled Add functionality...
IBM CICS TX Standard and Advanced 安全漏洞
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. A security vulnerability exists in IBM TXSeries for Multiplatforms, IBM CICS TX...
Macaron csrf 安全漏洞
Macaron csrf is a Macaron open source middleware for generating and verifying csrf tokens for Macaron. Macaron csrf has a security vulnerability that stems from a misuse of the parameter Generate that results in a sensitive cookie without security attributes...
IBM Control Desk 安全漏洞
IBM Control Desk is an application from International Business Machines IBM. Automated service management and seamlessly integrated, best-practice based service desk functionality. A security vulnerability exists in IBM Control Desk version 7.6.1, which stems from the fact that it does not set...
IBM CICS TX Advanced Access Control Error Vulnerability
IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. An Access Control Error vulnerability exists in IBM CICS TX Advanced version 11.1, which stems from a failure to set a security...
CVE-2022-24045
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The application, after a successful login, sets the session cookie on the browser...
Apache Geode Injection Vulnerability
Apache Geode is an Apache Foundation management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. security attributes prefixed with "sysprop-", "javax.net.ssl", or "security-" are vulnerable to logging of sensitive...
Apache Geode 日志信息泄露漏洞
Apache Geode is an Apache Foundation management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. security attributes prefixed with "sysprop-", "javax.net.ssl", or "security-" are vulnerable to logging of sensitive...
IBM Tivoli Key Lifecycle Manager 安全漏洞
IBM Tivoli Key Lifecycle Manager TKLM is a set of key lifecycle management software from IBM Corporation. The software provides key storage, key maintenance, and key lifecycle management for storage devices.A security vulnerability exists in IBM Tivoli Key Lifecycle Manager, which stems from the...
IBM Standards Processing 安全漏洞
Ibm Standards Processing Engine Ibm Transformation Extender Advanced is a document conversion software from the American company Ibm. Used to automatically convert and validate large amounts of data. A security vulnerability exists in IBM Standards Processing that stems from the engine not settin...
IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability
IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. An information disclosure vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. The vulnerability stems from the product not setting security...
IBM Security Guardium Insights 授权问题漏洞
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. An information disclosure vulnerability exists in IBM Security Guardium Insights 2.0.2. The vulnerability stems from the product...
IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2020-63969)
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to transfer files more securely and reliably with trading partners. An information disclosure vulnerability exists in IBM Sterling File Gateway 6.0.0.0 - 6.0.3.2, 2.2.0.0 -...
Design/Logic Flaw
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having...