14 matches found
$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
...
BIT-LIBPHP-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...
CVE-2022-3083
All versions of Landis+Gyr E850 ZMQ200 are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie...
CLSA-2024-1735310755 php: Fix of 3 CVEs
CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Fix issue introduced by incomplete fix of CVE-2022-31629 to prevent network and same-site attackers from setting insecure cookies in victim's browser - CVE-2024-3096: Fix issue where password_verify incorrectly returns true when...
CLSA-2024-1715281321 php: Fix of 2 CVEs
CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...
CLSA-2024-1715280966 php: Fix of 2 CVEs
CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...
CLSA-2023-1686859492 php: Fix of 3 CVEs
CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...
CLSA-2023-1686858853 php: Fix of 3 CVEs
CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...
CVE-2023-3050
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15...
CLSA-2023-1679944242 Fix CVE(s): CVE-2022-31629, CVE-2022-31628, CVE-2022-31631
SECURITY UPDATE: Denial of service - debian/patches/CVE-2022-31628.patch: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31628 SECURITY UPDATE: Cookie injection - debian/patches/CVE-2022-31629.patch: Add cookie integrity validation - CVE-2022-31629 SECURITY...
SUSE CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3, rack 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix...
CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...
CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...
MGASA-2020-0306 Updated ruby-rack packages fix security vulnerability
A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3 that makes it possible for an attacker to forge a secure or host-only cookie prefix CVE-2020-8184...