Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35236 | 1 Solarwinds | 1 Kiwi Syslog Server | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text. | |||||
| CVE-2022-3250 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-23 | N/A | 5.3 MEDIUM |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. | |||||
| CVE-2022-3251 | 1 Ikus-soft | 1 Minarca | 2022-09-23 | N/A | 5.3 MEDIUM |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
| CVE-2022-3174 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-15 | N/A | 7.5 HIGH |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
| CVE-2015-3207 | 1 Openshift | 1 Origin | 2022-07-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. | |||||
| CVE-2020-29024 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2021-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. | |||||
| CVE-2020-27651 | 1 Synology | 1 Router Manager | 2020-11-06 | 6.8 MEDIUM | 8.1 HIGH |
| Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
| CVE-2020-27650 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2020-11-05 | 4.3 MEDIUM | 3.7 LOW |
| Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||