12 matches found
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
CVE-2026-6019
A flaw was found in Python's http.cookies module. The Morsel.jsoutput function, responsible for generating JavaScript output for cookies, does not properly neutralize the Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Produc...
MiracleLinux 9 : python3.12-3.12.5-2.el9_5.3 (AXSA:2025-9842:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9842:01 advisory. cpython: python: Uncontrolled CPU resource consumption when in http.cookies module CVE-2024-7592 Tenable has extracted the preceding description block direct...
EUVD-2018-0269
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-15010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A ReDoS regular expression denial of service flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP reques...
The vulnerability of the cookie-consent management module on Drupal COOKiES websites stems from the lack of measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the cookie-consent management module on Drupal COOKiES websites is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...
The vulnerability of the __fscache_invalidate() function in the fs/fscache/cookie.c module of the Linux operating system allows a hacker to induce a service failure.
The vulnerability of the fscacheinvalidate function in the fs/fscache/cookie.c module of the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...
Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)
Summary API Connect has addressed the following vulnerability. Node.js tough-cookie module is vulnerable to a denial of service, caused by a regular expression error. By using a sufficiently large HTTP request Cookie header, a remote attacker could exploit this vulnerability to cause the...
Node.js tough-cookie module denial of service vulnerability
Node.js is a JavaScript runtime environment based on the Chrome V8 engine. A security vulnerability in the Node.js tough-cookie module's handling of HTTP requests using a special COOKIE allows remote attackers to exploit the vulnerability to submit specially crafted requests that can crash an...
CVE-2017-15010
A ReDoS regular expression denial of service flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU...
CVE-2017-15010
A ReDoS regular expression denial of service flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU...
SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing
This module allows for storing data securely in a cookie through implementing the Secure Cookie Protocol. Ability to alter trusted data in the cookie The module did an incorrect comparison of the HMAC value, allowing a bypass of the HMAC verification which allows changing the cookie value. Known...