5 matches found
CVE-2018-1000883
All versions of Elixir Plug contain a header injection vulnerability in Connection: given a cookie value, headers can be added. The attack appears to be exploitable by crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
CVE-2024-43173
IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute...
CVE-2024-43177 IBM Concert improper certificate validation
IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute...
CVE-2023-29259
CVE-2023-29259 affects the IBM Sterling Connect:Express for UNIX browser UI (1.5.x). The underlying issue is that cookies are sent without the SameSite attribute, potentially enabling cookie-based attacks. The IBM bulletin lists a CVSS base score of 3.7 (LOW) and notes the affected version as 1.5.x. Remediation is to upgrade...
[Full-Disclosure] Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
-- Corsaire Security Advisory -- Title: Multiple vendor HTTP user agent cookie path traversal issue Date: 12.07.03 Application: Various Environment: Various Author: Martin O'Neal [email protected] Audience: Vendor notification Reference: c030712-001 -- Scope -- The aim of this document is...