Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2493 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00. | |||||
| CVE-2024-0349 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability. | |||||
| CVE-2023-5866 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.7 MEDIUM |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | |||||
| CVE-2023-4654 | 1 Instantcms | 1 Instantcms | 2024-11-21 | N/A | 3.5 LOW |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1. | |||||
| CVE-2023-46179 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683. | |||||
| CVE-2023-3520 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A | 4.6 MEDIUM |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. | |||||
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | N/A | 6.5 MEDIUM |
| Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-43180 | 1 Ibm | 1 Concert | 2024-09-20 | N/A | 4.3 MEDIUM |
| IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | |||||