191 matches found
Hono 安全漏洞
Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...
SUSE-SU-2026:20543-1 Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.12. Security issues fixed: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2025-15282: user-controlled data URLs parsed may...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Python vulnerabilities (USN-8018-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8018-1 advisory. Denis Ledoux discovered that Python incorrectly parsed email message headers. An...
USN-8018-1: Python vulnerabilities
Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...
USN-8018-1 python3.14, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4 vulnerabilities
Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...
Insufficient Session Expiration
Overview @hotwired/turbo is a The speed of a single-page web application without having to write any JavaScript Affected versions of this package are vulnerable to Insufficient Session Expiration due to a race condition. An attacker can cause stale session cookies to be restored by delaying HTTP...
Logging of Excessive Data
Overview Affected versions of this package are vulnerable to Logging of Excessive Data via the cookies attribute. An attacker can generate excessive warning-level log entries by sending specially crafted Cookie headers. Remediation Upgrade aiohttp to version 3.13.3 or higher. References - GitHub...
EUVD-2019-5527
Malware in sbrugna...
EUVD-2016-3028
Malware in sbrugna...
EUVD-2024-17298
Malicious code in bioql PyPI...
EUVD-2022-6032
Malicious code in bioql PyPI...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the cookie date formatting process. An attacker can access sensitive memory contents by sending specially crafted cookie headers. Remediation There is no fixed version for libsoup. References - Gitlab Issue - Red...
Linux Distros Unpatched Vulnerability : CVE-2022-27776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host...
Linux Distros Unpatched Vulnerability : CVE-2022-31042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
Linux Distros Unpatched Vulnerability : CVE-2013-6167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote...
CVE-2024-57249
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses...
CVE-2019-14300
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...