191 matches found
Mozilla Firefox ESR < 115.8
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-06 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined...
Security Vulnerabilities fixed in Firefox 123 — Mozilla
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...
Mozilla Firefox < 123.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior...
RHCOS 4 : OpenShift Container Platform 4.11.43 (RHSA-2023:3541)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3541 advisory. - cri-o: incorrect handling of the supplementary groups CVE-2022-2995 - flask: Possible disclosure of permanent session cookie due t...
node-undici: cookie leakage
A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have...
ALPINE-CVE-2023-45143
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...
Authorization
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...
CVE-2023-45143
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...
CVE-2023-45143 Undici's cookie header not cleared on cross-origin redirect in fetch
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...
CVE-2023-45143
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...
Information Disclosure
ytdlp is vulnerable to Information Disclosure. The vulnerability exists because the cookie headers are not properly handled on HTTP redirect which allows an attacker to gain access to sensitive cookie details on unrelated sites...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Flask (SUSE-SU-2023:2263-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2263-1 advisory. - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching bsc1211246. Tenable has...
The vulnerability of the Python Charmers Future version compatibility program, related to an incorrect regular expression, allows a violator to trigger a service failure.
The vulnerability of the Python Charmers Future version compatibility program is related to incorrect input validation during the processing of Set-Cookie headers. Exploiting this vulnerability allows a remote attacker to send a specially crafted HTTP request to the application and execute a...
BluePage CMS SQL注入漏洞
BluePage CMS is a content management system from BluePage open source. A security vulnerability exists in BluePage CMS version 3.9 and earlier versions, which arises from SQL injection when processing insufficiently cleaned HTTP header cookie values...
SUSE CVE-2012-2671
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache...
SUSE CVE-2013-3210
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain...
SUSE CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
SUSE CVE-2015-7208
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers...
SUSE CVE-2022-32205
A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...
Symfony storing cookie headers in HttpCache
Description ----------- The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses including headers and returns them to clients. In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this...