CVE-2021-34598

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

Design/Logic Flaw

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

CVE-2021-34598

Phoenix Contact FL MGUARD 1102/1105 (firmware v1.4.0, 1.4.1, 1.5.0) has a vulnerability where remote logging is impaired due to failure to release memory for syslog-ng data structures when remote logging is active. The impact described aligns with partial availability degradation; exploitation de...

Phoenix Contact Fl Mguard 1102 安全漏洞

The Phoenix Contact Fl Mguard 1102 is a security router from Phoenix Contact, Germany. It is used to protect industrial networks from attacks such as Ip Spoofing, Denial of Service Dos and Syn flooding. A security vulnerability exists in the Phoenix Contact FL MGUARD 1102 and 1105 that stems from...

CVE-2021-35237

A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...

CVE-2021-35237

A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...

Design/Logic Flaw

A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...

CVE-2021-35237 Clickjacking Vulnerability

A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...

CVE-2021-35237

The CVE-2021-35237 entry describes a missing HTTP header (X-Frame-Options) in Kiwi Syslog Server, enabling clickjacking. Affected software: Kiwi Syslog Server; vulnerability is due to absence of the X-Frame-Options header in HTTP responses. Impact: potential user interaction manipulation via embe...

PT-2021-20859 · Unknown · Kiwi Syslog Server

Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server affected versions not specified Description: A missing HTTP header X-Frame-Options has left customers vulnerable to clickjacking. Clickjacking is an attack where an attacker uses a transparent iframe to trick a user into...

Solarwinds Kiwi Syslog Server 安全漏洞

Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and Snmp traps from network devices routers, switches, firewalls, etc. and Linux®/Unix® hosts. A security vulnerability exists in Kiwi...

CVE-2021-35236

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...

CVE-2021-35233

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client...

CVE-2021-35233

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client...

CVE-2021-35236

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...

CVE-2021-35235

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...

CVE-2021-35235

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...

Design/Logic Flaw

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...

CVE-2021-35236

Kiwi Syslog Server 9.7.2 and earlier is affected by CVE-2021-35236 due to the SSL cookie lacking the Secure attribute, allowing the cookie to be sent over unencrypted HTTP where the application is reachable via HTTP+HTTPS. The root cause is an unsecured Secure flag on the cookie, which can lead t...

CVE-2021-35236 Missing Secure Flag From SSL Cookie

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...