Lucene search
K

537 matches found

RedHat Linux
RedHat Linux
added 2024/02/26 12:29 a.m.4 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.39 views

RHEL 8 : firefox (RHSA-2024:0972)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.30 views

RHEL 8 : thunderbird (RHSA-2024:0960)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0960 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.23 views

RHEL 9 : thunderbird (RHSA-2024:0962)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0962 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.33 views

RHEL 8 : firefox (RHSA-2024:0970)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0970 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.28 views

RHEL 9 : thunderbird (RHSA-2024:0963)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0963 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.35 views

RHEL 7 : thunderbird (RHSA-2024:0957)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0957 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2024/02/26 12:0 a.m.24 views

RHEL 7 : firefox (RHSA-2024:0976)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0976 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
CNNVD
CNNVD
added 2024/02/25 12:0 a.m.5 views

Active Storage Security Vulnerability

Active Storage is a plugin for uploading files to multiple cloud storage services and attaching files to Active Record objects. A security vulnerability exists in Rails Active Storage that stems from Active Storage sending a Set-Cookie header along with the user's session cookie when serving a bl...

5.3CVSS7AI score0.01119EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/02/24 12:0 a.m.23 views

SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2024:0607-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0607-1 advisory. Update to Firefox Extended Support Release 115.8.0 ESR MFSA 2024-06 bsc1220048: - CVE-2024-1546:...

8.1CVSS6.7AI score0.00937EPSS
Exploits1References19
RedHat Linux
RedHat Linux
added 2024/02/22 4:51 p.m.5 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References6
Veracode
Veracode
added 2024/02/22 4:14 a.m.27 views

Arbitrary Code Injection

Firefox, Firefox ESR, and Thunderbird are vulnerable to Arbitrary Code Injection. The vulnerability is due to the incorrect honoring of Set-Cookie response headers in multipart HTTP responses. If an attacker could manipulate the Content-Type response header and control part of the response body,...

6.1CVSS6.7AI score0.00743EPSS
Exploits1References7Affected Software3
RedhatCVE
RedhatCVE
added 2024/02/21 4:46 p.m.44 views

CVE-2024-1551

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

6.1CVSS7.2AI score0.00743EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/02/21 12:0 a.m.31 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-052-01)

The version of mozilla-thunderbird installed on the remote host is prior to 115.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-052-01 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused,...

8.1CVSS7.9AI score0.00937EPSS
Exploits1References9
NVD
NVD
added 2024/02/20 2:15 p.m.19 views

CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

6.1CVSS7.2AI score0.00743EPSS
Exploits1References6
OSV
OSV
added 2024/02/20 2:15 p.m.4 views

CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

6.1CVSS6.4AI score
Exploits0References6
OSV
OSV
added 2024/02/20 2:15 p.m.5 views

UBUNTU-CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

6.1CVSS7.3AI score0.00743EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2024/02/20 2:15 p.m.23 views

CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

6.1CVSS6.8AI score0.00743EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2024/02/20 1:21 p.m.25 views

CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

6.3AI score0.00743EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2024/02/20 1:21 p.m.30 views

CVE-2024-1551

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...

6.1CVSS8.2AI score0.00743EPSS
Exploits1
Rows per page
Query Builder