243 matches found
SUSE SLED15: libpython3_12-1_0 / libpython3_12-1_0-32bit / python312 / etc (SUSE-SU-2024:3303-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3303-1 advisory. - Update to 3.12.6 - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Python vulnerabilities (USN-7015-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7015-1 advisory. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote...
SUSE CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
CVE-2024-5294
D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability...
Apache Superset 2.0.0 Remote Code Execution Exploit
Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their userid to that of an administrator, and re-sign the cooki...
Apache Superset Signed Cookie Priv Esc
Apache Superset versions use auxiliary/gather/apachesupersetcookiesigprivesc msf auxiliaryapachesupersetcookiesigprivesc show actions ...actions... msf auxiliaryapachesupersetcookiesigprivesc set ACTION msf auxiliaryapachesupersetcookiesigprivesc show options ...show and set options... msf...
[SECURITY] [DLA 3561-1] node-cookiejar security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3561-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2023 https://wiki.debian.org/LTS -...
[SECURITY] Fedora 36 Update: haproxy-2.4.22-2.fc36
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
Information Disclosure
thorsten/phpmyfaq is vulnerable to information disclosure.The vulnerability exists in the setCookie function of session.php due to insecure HTTP cookies without the 'secure' attribute which allows an attacker to gain access to sensitive information...
phpMyFAQ has insecure HTTP cookies
phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...
GHSA-WPGC-5CR5-H9GG phpMyFAQ has insecure HTTP cookies
phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...
GHSA-M748-HJQG-RPP8 rdiffweb has insecure HTTP cookies
In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...
rdiffweb has insecure HTTP cookies
In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...
Fedora: Security Advisory for libapreq2 (FEDORA-2022-61f5b492b7)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: libapreq2-2.17-1.fc35
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
[SECURITY] Fedora 36 Update: libapreq2-2.17-1.fc36
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...