Lucene search
K

537 matches found

OSV
OSV
added 2024/02/27 4:15 p.m.5 views

UBUNTU-CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS6AI score0.01119EPSS
Exploits0References7
OSV
OSV
added 2024/02/27 3:44 p.m.28 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5AI score0.01119EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.35 views

Oracle Linux 8 : thunderbird (ELSA-2024-0964)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0964 advisory. 115.8.0-1.0.1 - Add Oracle modifications 115.8.0-1 - Update to 115.8.0 build1 Tenable has extracted the preceding description block directly from the...

8.1CVSS7.4AI score0.00937EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.36 views

Oracle Linux 9 : thunderbird (ELSA-2024-0963)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. 115.8.0-1.0.1 - Add Oracle modifications 115.8.0-1 - Update to 115.8.0 build1 Tenable has extracted the preceding description block directly from the...

8.1CVSS7.4AI score0.00937EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.32 views

RHEL 9 : firefox (RHSA-2024:0983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0983 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
RedHat Linux
RedHat Linux
added 2024/02/26 8:47 p.m.4 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 7:19 p.m.8 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 4:36 a.m.2 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:21 a.m.4 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:21 a.m.5 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:21 a.m.3 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:20 a.m.4 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:20 a.m.3 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:19 a.m.2 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:19 a.m.3 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:19 a.m.2 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:19 a.m.5 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:12 a.m.5 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 1:51 a.m.4 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/26 1:41 a.m.6 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
Rows per page
Query Builder