17 matches found
NewStart CGSL MAIN 6.06 (SP) : curl Vulnerability (NS-SA-2026-0032)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has curl packages installed that are affected by a vulnerability: - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows ...
Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Input Validation (CVE-2023-46218)
This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mix...
Brave Browser Desktop 安全漏洞
Brave Browser Desktop is a desktop browser from Brave USA. A security vulnerability exists in Brave Browser Desktop versions prior to 1.83.10, which stems from a failure to follow the SameSite cookie attribute for the Open Link in Split View context menu item when the Split View feature is enable...
EUVD-2023-23657
Malicious code in bioql PyPI...
Medium: curl
Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...
BIT-GITLAB-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...
AZL-32099 CVE-2023-46218 affecting package curl for versions less than 8.5.0-1
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...
DEBIAN-CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...
AZL-32119 CVE-2023-46218 affecting package cmake for versions less than 3.21.4-13
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...
UBUNTU-CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...
CVE-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...
CVE-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...
CVE-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab DAST scanner versions prior to 3.0.29...
DEBIAN-CVE-2022-27779
libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...
cookie for trailing dot TLD
libcurl wrongly allows HTTP cookies to be set for Top Level Domains TLDs if the hostname is provided with a trailing dot. curl can be told to receive and send cookies when communicating using HTTPS. curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support n...
Rails 加密问题漏洞
Rails is a set of open source web application frameworks based on the Ruby language from the Rails team. A cryptographic issue vulnerability exists in Rails multisite, where an attacker may be able to reuse cookies on different sites in multiple Rails applications...