Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6267 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | |||||
| CVE-2020-27658 | 1 Synology | 1 Router Manager | 2024-11-21 | 4.3 MEDIUM | 7.1 HIGH |
| Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2019-8283 | 1 Gemalto | 1 Sentinel Ldk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it. | |||||
| CVE-2019-25091 | 1 Nsupdate | 1 Nsupdate.info | 2024-11-21 | N/A | 3.7 LOW |
| A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability. | |||||
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | N/A | 6.5 MEDIUM |
| Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-43845 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | N/A | 3.7 LOW |
| IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | |||||