27 matches found
curl: Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy
Summary: curleasysslsexport iterates the SSL session list and invokes a caller-provided callback for each entry. If that callback calls curleasysslsimport on the same easy handle, the import path can evict and free the current session node while the export loop still holds it. The subsequent...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6
Red Hat OpenShift Service Mesh 3.1.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....
OpenSMTPD < 5.3.2 DoS Vulnerability
OpenSMTPD is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:opensmtpd";...
OpenVPN -- HMAC verification on source IP address ineffective
Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the...
EUVD-2022-1770
Malicious code in bioql PyPI...
OTRS 安全漏洞
OTRS is a service management solution from OTRS Germany. A security vulnerability exists in OTRS that stems from a missing attribute for sensitive cookie settings in HTTPS sessions, and vulnerabilities in the OTRS Application Server and Reverse Proxy settings that allow session hijacking...
Relyum RELY-PCIe 安全漏洞
Relyum RELY-PCIe is a smart pluggable board from Relyum Spain. A security vulnerability exists in the Relyum RELY-PCIe versions v22.2.1 through v23.1.0 that stems from not setting the security attributes of sensitive cookies in an HTTPS session, which could result in a user agent sending these...
The vulnerability of the change management software during development in IBM Rational ClearQuest arises from the lack of measures taken to protect the structure of the web page. This vulnerability allows a hacker to disclose credentials during a secure session.
The vulnerability of the change management software in IBM Rational ClearQuest exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to obtain login credentials during a secure session...
The vulnerability of the IBM Security Guardium web interface allows a perpetrator to disclose login credentials during a secure session.
The vulnerability of the IBM Security Guardium web interface exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to disclose credentials during a secure session...
The vulnerability of the web interface of the IBM InfoSphere Information Server software platform allows a perpetrator to disclose account information during a secure session.
The vulnerability in the web interface of the IBM InfoSphere Information Server software integration platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to disclose credentials during a secure sessio...
Minarca 安全漏洞
Minarca is a free and open source backup software from the individual developer Patrik Dufresne. A security vulnerability exists in versions prior to Minarca 4.2.2 that stems from sensitive cookies in HTTPS sessions that do not have security attributes...
GHSA-J636-CRP3-M584 Cross-site Scripting in tableexport.jquery.plugin
There is a cross-site scripting vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. This can result in transmitting cookies to third-party servers and/or sending data from secure sessions to third-party servers...
Cross-site Scripting in tableexport.jquery.plugin
There is a cross-site scripting vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. This can result in transmitting cookies to third-party servers and/or sending data from secure sessions to third-party servers...
CVE-2022-1291
XSS vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers...
Cross site scripting
XSS vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers...
CVE-2022-1291 XSS vulnerability with default `onCellHtmlData` function in hhurz/tableexport.jquery.plugin
XSS vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers...
CVE-2022-1291 XSS vulnerability with default `onCellHtmlData` function in hhurz/tableexport.jquery.plugin
XSS vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers...
nodejs: TLS session reuse can lead to hostname verification bypass
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...
The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.
The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...
The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.
The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...