248 matches found
CVE-2025-4035
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
CVE-2025-4035
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
CVE-2025-4035
Libsoup3 is affected by CVE-2025-4035: a cookie-domain validation bypass occurs when handling cookies where the domain contains at least two components and includes an uppercase character, allowing cookies to be set for public suffix domains a site does not own. The vulnerability is described acr...
CVE-2025-4035
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-941)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-941 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds i...
Dust: UI flaw allows unauthorized users to add documents to restricted folders
The UI flaw allowed unauthorized users to add documents to restricted folders. The vulnerability constituted an Insecure Direct Object Reference IDOR issue, where users could manipulate the client-side behavior to perform actions they were not supposed to have access to, such as uploading documen...
CVE-2025-26479
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...
CVE-2025-26479
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...
CVE-2025-26479
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...
CVE-2025-26479
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...
CVE-2025-26479
Dell PowerScale OneFS contains an out-of-bounds write vulnerability affecting versions 9.4.0.0 through 9.10.0.0, exploitable via NFS workflows and potentially causing data integrity issues. The issue stems from an application boundary error when processing untrusted input. Public references consi...
PT-2025-15890 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.4.0.0 through 9.10.0.0 Description: The issue is an out-of-bounds write vulnerability that could be exploited by an attacker in NFS workflows, potentially leading to data integrity issues. Recommendations: For...
CVE-2025-2819
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...
MD5 Hash Collisions
sagemaker is vulnerable to MD5 Hash Collisions. The vulnerability is due to weak hashing in workflow identification due to the reuse of results from different configurations that produce the same MD5 hash, potentially leading to unintended workflow replacements and integrity issues...
Azure Linux 3.0 Security Update: libssh (CVE-2023-6918)
The version of libssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6918 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by...
CVE-2025-2819
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...
CVE-2025-2819 Unrestricted Fileupload
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...
CVE-2025-2819 Unrestricted Fileupload
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...
GHSA-3XRR-7M6P-P7XH vulnerabilities
Vulnerabilities for packages: hadoop-fips...