Lucene search
K

191 matches found

Tenable Nessus
Tenable Nessus
added 2024/02/20 12:0 a.m.33 views

Mozilla Firefox ESR < 115.8

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-06 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined...

8.1CVSS7.5AI score0.00937EPSS
Exploits1References9
Mozilla
Mozilla
added 2024/02/20 12:0 a.m.111 views

Security Vulnerabilities fixed in Firefox 123 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

9.8CVSS8.1AI score0.00937EPSS
Exploits2References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/20 12:0 a.m.37 views

Mozilla Firefox < 123.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior...

9.8CVSS7.5AI score0.00937EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.23 views

RHCOS 4 : OpenShift Container Platform 4.11.43 (RHSA-2023:3541)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3541 advisory. - cri-o: incorrect handling of the supplementary groups CVE-2022-2995 - flask: Possible disclosure of permanent session cookie due t...

7.5CVSS6.8AI score0.01261EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2023/11/14 5:0 p.m.4 views

node-undici: cookie leakage

A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have...

3.9CVSS7.3AI score0.01223EPSS
Exploits0References5
OSV
OSV
added 2023/10/12 5:15 p.m.2 views

ALPINE-CVE-2023-45143

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...

3.5CVSS6.6AI score0.01223EPSS
Exploits0References1
Prion
Prion
added 2023/10/12 5:15 p.m.22 views

Authorization

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...

3.5CVSS5.3AI score0.01223EPSS
Exploits0References11Affected Software2
AlpineLinux
AlpineLinux
added 2023/10/12 4:35 p.m.27 views

CVE-2023-45143

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...

3.9CVSS6AI score0.01223EPSS
Exploits0
OSV
OSV
added 2023/10/12 4:35 p.m.32 views

CVE-2023-45143 Undici's cookie header not cleared on cross-origin redirect in fetch

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...

3.9CVSS6.1AI score0.01223EPSS
Exploits0References13
Debian CVE
Debian CVE
added 2023/10/12 4:35 p.m.31 views

CVE-2023-45143

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...

3.9CVSS6.1AI score0.01223EPSS
Exploits0
Veracode
Veracode
added 2023/07/12 11:58 a.m.28 views

Information Disclosure

ytdlp is vulnerable to Information Disclosure. The vulnerability exists because the cookie headers are not properly handled on HTTP redirect which allows an attacker to gain access to sensitive cookie details on unrelated sites...

8.2CVSS7AI score0.01038EPSS
Exploits0References11Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/05/23 12:0 a.m.15 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Flask (SUSE-SU-2023:2263-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2263-1 advisory. - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching bsc1211246. Tenable has...

7.5CVSS7.2AI score0.01261EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.12 views

The vulnerability of the Python Charmers Future version compatibility program, related to an incorrect regular expression, allows a violator to trigger a service failure.

The vulnerability of the Python Charmers Future version compatibility program is related to incorrect input validation during the processing of Set-Cookie headers. Exploiting this vulnerability allows a remote attacker to send a specially crafted HTTP request to the application and execute a...

7.8CVSS6.7AI score0.01804EPSS
Exploits1References11Affected Software5
CNNVD
CNNVD
added 2023/04/03 12:0 a.m.7 views

BluePage CMS SQL注入漏洞

BluePage CMS is a content management system from BluePage open source. A security vulnerability exists in BluePage CMS version 3.9 and earlier versions, which arises from SQL injection when processing insufficiently cleaned HTTP header cookie values...

9.8CVSS8.6AI score0.01081EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.6 views

SUSE CVE-2012-2671

The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache...

7.5CVSS6.9AI score0.02359EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.3 views

SUSE CVE-2013-3210

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain...

5CVSS6.2AI score0.01667EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.3 views

SUSE CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS6.6AI score0.01636EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.4 views

SUSE CVE-2015-7208

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers...

5CVSS6.4AI score0.0239EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.9CVSS7.2AI score0.26915EPSS
Exploits1References44
Github Security Blog
Github Security Blog
added 2023/02/01 6:48 p.m.33 views

Symfony storing cookie headers in HttpCache

Description ----------- The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses including headers and returns them to clients. In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this...

8.8CVSS6.7AI score0.00753EPSS
Exploits0References8Affected Software2
Rows per page
Query Builder