4 matches found

RedHat Linux
added 2026/06/08 10:49 a.m. · 8 views

unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options

A flaw was found in Unbound, a Domain Name System (DNS) resolver. A remote attacker could trigger a heap overflow by sending specially crafted DNS reply packets. This occurs when Unbound attempts to encode multiple Name Server Identifier (NSID) or Extension Mechanisms for DNS (EDNS) Cookie options, or...

CVSS 8.7 · AI score 5.5 · EPSS 0.0051
Exploits: 0 · References: 4
Positive Technologies
added 2023/07/11 12:0 a.m. · 5 views

PT-2023-33025 · Npm +1 · Cookie-Session +1

Name of the Vulnerable Software and Affected Versions: Vendure (affected versions not specified)
Description: The issue concerns the default cookie settings in Vendure, an e-commerce GraphQL framework, which are insecure due to the SameSite setting being false by default. This setting originates fr...

AI score 6.9
Exploits: 0 · References: 4
Vulnrichment
added 2022/10/06 12:0 a.m. · 6 views

CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7, setting the $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result, cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

CVSS 2.6 · AI score 5.1 · EPSS 0.00825
Exploits: 1 · References: 6
Positive Technologies
added 2022/10/06 12:0 a.m. · 2 views

PT-2022-24868 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.2.7
Description: The issue arises when setting $secure or $httponly value to true in Config\Cookie is not reflected in set cookie or Response::setCookie, resulting in cookie values being erroneously exposed to...

CVSS 4.3 · AI score 4.3 · EPSS 0.00825
Exploits: 1 · References: 15