Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5631 | 1 Freeipa | 1 Freeipa | 2019-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| ipa 3.0 does not properly check server identity before sending credential containing cookies | |||||
| CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2019-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | |||||
| CVE-2018-5190 | 1 Picturespro | 1 Picturespro | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | |||||
| CVE-2017-8034 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Routing-release | 2019-10-03 | 6.0 MEDIUM | 6.6 MEDIUM |
| The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. | |||||
| CVE-2018-20512 | 1 Cdatatec | 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | |||||
| CVE-2017-6896 | 1 Digisol | 2 Dg-hr1400 Router, Dg-hr1400 Router Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. | |||||
| CVE-2017-7279 | 1 Unitrends | 1 Enterprise Backup | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | |||||