Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…

Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…

Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) Zafiyet…

A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability…

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions…

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured…

Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.…

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions…

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote…

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned…