Lucene search
+L

243 matches found

Tenable Nessus
Tenable Nessus
added 2024/09/19 12:0 a.m.24 views

SUSE SLED15: libpython3_12-1_0 / libpython3_12-1_0-32bit / python312 / etc (SUSE-SU-2024:3303-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3303-1 advisory. - Update to 3.12.6 - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in...

8.7CVSS6.8AI score0.02303EPSS
Exploits3References14
Tenable Nessus
Tenable Nessus
added 2024/09/16 12:0 a.m.31 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Python vulnerabilities (USN-7015-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7015-1 advisory. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote...

8.7CVSS6.8AI score0.02527EPSS
Exploits4References6
SUSE CVE
SUSE CVE
added 2024/08/23 2:37 a.m.3 views

SUSE CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

2.6CVSS7AI score0.02303EPSS
Exploits1References32
NVD
NVD
added 2024/08/19 7:15 p.m.21 views

CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS0.02303EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2024/06/27 9:27 a.m.24 views

CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...

9.8CVSS5.8AI score0.00477EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/27 9:27 a.m.37 views

CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...

9.8CVSS0.00477EPSS
Exploits0References2
OSV
OSV
added 2024/05/23 10:15 p.m.7 views

CVE-2024-5294

D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability...

6.5CVSS5.8AI score0.0046EPSS
Exploits0References1
0day.today
0day.today
added 2023/10/15 12:0 a.m.1061 views

Apache Superset 2.0.0 Remote Code Execution Exploit

Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their userid to that of an administrator, and re-sign the cooki...

9.8CVSS7.7AI score0.97405EPSS
Exploits20
Metasploit
Metasploit
added 2023/09/13 7:51 p.m.337 views

Apache Superset Signed Cookie Priv Esc

Apache Superset versions use auxiliary/gather/apachesupersetcookiesigprivesc msf auxiliaryapachesupersetcookiesigprivesc show actions ...actions... msf auxiliaryapachesupersetcookiesigprivesc set ACTION msf auxiliaryapachesupersetcookiesigprivesc show options ...show and set options... msf...

9.8CVSS8.4AI score0.97405EPSS
Exploits20
Debian
Debian
added 2023/09/12 1:0 a.m.26 views

[SECURITY] [DLA 3561-1] node-cookiejar security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3561-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2023 https://wiki.debian.org/LTS -...

7.5CVSS6.3AI score0.01546EPSS
Exploits1
Fedora
Fedora
added 2023/02/25 4:2 a.m.51 views

[SECURITY] Fedora 36 Update: haproxy-2.4.22-2.fc36

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

9.1CVSS7.8AI score0.05493EPSS
Exploits0
Veracode
Veracode
added 2022/12/13 2:45 a.m.22 views

Information Disclosure

thorsten/phpmyfaq is vulnerable to information disclosure.The vulnerability exists in the setCookie function of session.php due to insecure HTTP cookies without the 'secure' attribute which allows an attacker to gain access to sensitive information...

7.5CVSS7.3AI score0.00422EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/12/11 3:30 p.m.56 views

phpMyFAQ has insecure HTTP cookies

phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...

7.5CVSS7.3AI score0.00422EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/12/11 3:30 p.m.25 views

GHSA-WPGC-5CR5-H9GG phpMyFAQ has insecure HTTP cookies

phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...

7.5CVSS6.6AI score0.00422EPSS
Exploits1References5
OSV
OSV
added 2022/09/22 12:0 a.m.22 views

GHSA-M748-HJQG-RPP8 rdiffweb has insecure HTTP cookies

In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...

6.9CVSS5.5AI score0.00396EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.23 views

rdiffweb has insecure HTTP cookies

In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...

5.3CVSS5.5AI score0.00396EPSS
Exploits1References5Affected Software1
OpenVAS
OpenVAS
added 2022/09/15 12:0 a.m.15 views

Fedora: Security Advisory for libapreq2 (FEDORA-2022-61f5b492b7)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.6AI score0.04712EPSS
Exploits0References2
Fedora
Fedora
added 2022/09/13 1:31 a.m.36 views

[SECURITY] Fedora 35 Update: libapreq2-2.17-1.fc35

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
Fedora
Fedora
added 2022/09/13 1:29 a.m.33 views

[SECURITY] Fedora 36 Update: libapreq2-2.17-1.fc36

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
Fedora
Fedora
added 2022/09/12 5:59 p.m.37 views

[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
Rows per page
Query Builder