MidnightBSD

Advisories for lastyard

CVE-2022-47714

Last Yard 22.09.8-1 does not enforce HSTS headers

Products Affected

Vendor Product Version
lastyard last_yard 22.09.8-1
CVE-2022-47715

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic.

Products Affected

Vendor Product Version
lastyard last_yard 22.09.8-1
CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

Products Affected

Vendor Product Version
lastyard last_yard 22.09.8-1