32 matches found

SUSE Linux
added 2025/10/30 1:31 p.m. · 3 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-11021: Ignore invalid dates when processing cookies to prevent an out-of-bounds read (bsc#1250562). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 8.2 · AI score 6.6 · EPSS 0.00594
Exploits 0 · References 4
Tenable Nessus
added 2025/10/24 12:00 a.m. · 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2025:3753-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3753-1 advisory. - CVE-2025-11021: Ignore invalid dates when processing cookies to prevent an out-of-bounds read (bsc#1250562)...

CVSS 7.5 · AI score 7.3 · EPSS 0.00594
Exploits 0 · References 4
OSV
added 2025/09/18 11:06 a.m. · 2 views

SUSE-SU-2025:03267-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: a bug in the path comparison logic when processing cookies can lead to an out-of-bounds read in a heap buffer (bsc#1249191). - CVE-2025-10148: a predictable WebSocket mask can lead to proxy cache poisoning by a malicious serv...

CVSS 7.5 · AI score 7.1 · EPSS 0.01301
Exploits 1 · References 7
Tenable Nessus
added 2025/03/20 12:00 a.m. · 12 views

CBL Mariner 2.0 Security Update: ruby (CVE-2025-27219)

The version of ruby installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...

CVSS 7.5 · AI score 7.1 · EPSS 0.00784
Exploits 0 · References 2
Vulnrichment
added 2025/03/03 12:00 a.m. · 7 views

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVSS 5.8 · AI score 5.5 · EPSS 0.00784
Exploits 0 · References 2
Positive Technologies
added 2025/02/26 12:00 a.m. · 4 views

PT-2025-8694

Name of the Vulnerable Software and Affected Versions: CGI gem versions prior to 0.4.2. Description: The CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes,...

CVSS 8.7 · AI score 7.1 · EPSS 0.02064
Exploits 1 · References 155
RedhatCVE
added 2025/02/05 1:05 a.m. · 4 views

CVE-2024-28038

The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, supplying too long a character string in the MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and...

CVSS 9 · AI score 6.9 · EPSS 0.0263
Exploits 1 · References 1
BDU FSTEC
added 2024/05/17 12:00 a.m. · 2 views

A vulnerability in the PHP interpreter, related to incorrect handling of cookies, allows attackers to hijack sessions and gain unauthorized access to protected information.

The vulnerability in the PHP interpreter is related to incorrect processing of cookies, arising from the replacement of spaces, periods, and opening parentheses in cookie names with underscores. Exploiting this vulnerability can allow an attacker to hijack sessions and gain unauthorized acces...

CVSS 6.5 · AI score 6.4 · EPSS 0.3786
Exploits 0 · References 12 · Affected Software 6
BDU FSTEC
added 2024/03/07 12:00 a.m. · 3 views

A vulnerability in the Mozilla Firefox browser, related to errors in processing SameSite cookies, allows an attacker to compromise the integrity of protected information.

The vulnerability in the Mozilla Firefox browser is related to errors in processing SameSite cookies when a website is opened via the "firefox://" protocol handler. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information...

CVSS 5 · AI score 7.7 · EPSS 0.00478
Exploits 0 · References 8 · Affected Software 3
OSV
added 2024/03/06 11:05 a.m. · 42 views

BIT-PHP-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` being confused with cookies that decode to such a prefix, thus leading to an attacker being...

CVSS 7.5 · AI score 6.7 · EPSS 0.04969
Exploits 2 · References 16
BDU FSTEC
added 2024/02/15 12:00 a.m. · 2 views

A vulnerability in the Undertow web server, related to deficiencies in the processing of incoming HTTP requests, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability in the Undertow web server is related to deficiencies in the processing of incoming HTTP requests when parsing cookies that contain certain delimiter characters. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the...

CVSS 7.4 · AI score 7.2 · EPSS 0.01117
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2023/10/30 12:00 a.m. · 4 views

A vulnerability in the Firefox browser, related to insufficient validation of input data, allows an attacker to execute arbitrary code.

The vulnerability in the Firefox browser is related to insufficient validation of input data while processing cookies. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.5 · AI score 6.7 · EPSS 0.00688
Exploits 0 · References 8 · Affected Software 3
BDU FSTEC
added 2023/09/15 12:00 a.m. · 4 views

A vulnerability in the Eclipse Jetty servlet container is related to syntax validation errors in its input checks. It allows an attacker to inject one cookie into another and affect how it is processed.

The vulnerability in the Eclipse Jetty servlet container is related to syntax validation errors in its input checks. Exploiting this vulnerability allows a malicious actor to inject one cookie into another and affect how cookies are processed...

CVSS 5.3 · AI score 6.5 · EPSS 0.013
Exploits 0 · References 10 · Affected Software 8
Prion
added 2022/09/06 7:15 p.m. · 462 views

Design/Logic Flaw

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

CVSS 5 · AI score 4.9 · EPSS 0.00775
Exploits 0 · References 4 · Affected Software 1
Amazon
added 2020/10/28 12:00 a.m. · 118 views

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data...

CVSS 7.5 · AI score 7 · EPSS 0.04969
Exploits 2
Tenable Nessus
added 2020/10/09 12:00 a.m. · 152 views

PHP 7.4.x < 7.4.11 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with the openssl_encrypt function with a 12-byt...

CVSS 6.5 · AI score 6.8 · EPSS 0.04969
Exploits 1 · References 3
Tenable Nessus
added 2020/10/07 12:00 a.m. · 253 views

Debian DLA-2397-1 : php7.0 security update

A vulnerability was discovered in PHP, a server-side, HTML-embedded scripting language. When PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` being confused with cookies that decode to such a prefix, thus leading to an...

CVSS 5.3 · AI score 6.8 · EPSS 0.04969
Exploits 1 · References 4
OSV
added 2020/10/02 3:15 p.m. · 23 views

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` being confused with cookies that decode to such a prefix, thus leading to an attacker being...

CVSS 5.3 · AI score 6.7 · EPSS 0.02938
Exploits 1 · References 15
CVE
added 2020/10/02 2:14 p.m. · 1266 views

CVE-2020-7070

CVE-2020-7070 affects PHP 7.2.x < 7.2.34, 7.3.x < 7.3.23 and 7.4.x

CVSS 5.3 · AI score 6.5 · EPSS 0.04969
Exploits 1 · References 15 · Affected Software 1
Positive Technologies
added 2020/04/27 12:00 a.m. · 9 views

PT-2020-5866 · Php +9

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.33; PHP versions 7.3.x through 7.3.22; PHP versions 7.4.x through 7.4.10. Description: The issue is related to the processing of incoming HTTP cookie values in PHP, where cookie names are url-decoded. This may lead...

CVSS 9.8 · AI score 6.5 · EPSS 0.9947
Exploits 169 · References 389
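Two of the cookie-parsing defects listed above, the url-decoded cookie names that let a `%5F%5FHost-` name collide with a genuine `__Host-` cookie (the PHP CVE-2020-7070 / PT-2020-5866 entries and the ReactPHP entry) and the unbounded raw cookie length behind the Ruby CGI::Cookie.parse entry (CVE-2025-27219), come from the same place: a server-side parser that decodes and processes whatever the Cookie header carries before deciding whether it should. The following is an added example, not code from PHP, ReactPHP, the CGI gem or any advisory here; it puts a naive parser that reproduces both behaviours beside a hardened one. The 4096-byte cap and the function names are assumptions for the example, and the inputs are constructed.

```ruby
require 'cgi' # CGI.unescape does the percent-decoding the vulnerable parsers apply to names

# Assumed cap for this example; a real parser would pick its own limit.
MAX_COOKIE_HEADER_BYTES = 4096

def reserved_prefix?(name)
  name.start_with?('__Host-', '__Secure-')
end

# Naive parser: reproduces the behaviour the PHP and ReactPHP entries describe.
# Names are percent-decoded before anything looks at them, and there is no
# bound on the size of the header it is willing to chew through.
def parse_cookies_naive(header)
  cookies = {}
  header.split(';').each do |pair|
    raw_name, raw_value = pair.strip.split('=', 2)
    next if raw_name.nil? || raw_name.empty?
    cookies[CGI.unescape(raw_name)] = CGI.unescape(raw_value.to_s)
  end
  cookies
end

# Hardened parser: bounds the input before doing any work, then keeps the raw
# on-the-wire name for the prefix decision. A browser only sends a literal
# "__Host-" / "__Secure-" name for a cookie that satisfied the prefix rules when
# it was set; a name that merely *decodes* to such a prefix was never subject
# to those rules, so it is dropped instead of shadowing the real cookie.
def parse_cookies_hardened(header, max_bytes: MAX_COOKIE_HEADER_BYTES)
  if header.bytesize > max_bytes
    raise ArgumentError, "Cookie header is #{header.bytesize} bytes, limit #{max_bytes}"
  end
  cookies = {}
  header.split(';').each do |pair|
    raw_name, raw_value = pair.strip.split('=', 2)
    next if raw_name.nil? || raw_name.empty?
    name = CGI.unescape(raw_name)
    next if reserved_prefix?(name) && !reserved_prefix?(raw_name)
    cookies[name] = CGI.unescape(raw_value.to_s)
  end
  cookies
end

# Constructed input: a legitimate host-only session cookie followed by one whose
# name only becomes "__Host-session" after decoding. A sibling host or an
# injection point can set the second one, because the browser never applied
# the __Host- rules to a name that does not literally start with "__Host-".
SPOOF_HEADER = '__Host-session=legit; %5F%5FHost-session=attacker'

# Constructed oversized header for the length-cap case.
HUGE_HEADER = 'session=' + ('A' * 100_000)

if __FILE__ == $PROGRAM_NAME
  p parse_cookies_naive(SPOOF_HEADER)['__Host-session']    # "attacker": the spoof shadows the real cookie
  p parse_cookies_hardened(SPOOF_HEADER)['__Host-session'] # "legit": the spoof is dropped
  begin
    parse_cookies_hardened(HUGE_HEADER)
  rescue ArgumentError => e
    puts e.message
  end
end
```

The check on the raw name is the important part: decoding first and then testing the prefix, as the naive parser does, is exactly what makes `%5F%5FHost-session` indistinguishable from `__Host-session`. The size check sits before the split so that an oversized header costs one length comparison rather than a full parse; rejecting the whole header rather than silently truncating it is a deliberate choice, since a truncated cookie set would otherwise be handed to the application as if it were complete.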