Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-11021: Ignore invalid date when processing cookies to prevent out-of-bounds read bsc1250562. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2025:3753-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3753-1 advisory. - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read bsc1250562...

SUSE-SU-2025:03267-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...

CBL Mariner 2.0 Security Update: ruby (CVE-2025-27219)

The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

PT-2025-8694

Name of the Vulnerable Software and Affected Versions CGI gem versions prior to 0.4.2 Description The CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes,...

CVE-2024-28038

The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and...

BIT-PHP-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

Design/Logic Flaw

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

PHP 7.4.x < 7.4.11 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...

Debian DLA-2397-1 : php7.0 security update

A vulnerability was discovered in PHP, a server-side, HTML-embedded scripting language. When PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an...

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

CVE-2020-7070

CVE-2020-7070 affects PHP 7.2.x &lt; 7.2.34, 7.3.x &lt; 7.3.23 and 7.4.x

PT-2020-5866 · Php +9 · Php +9

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.33 PHP versions 7.3.x through 7.3.22 PHP versions 7.4.x through 7.4.10 Description: The issue is related to the processing of incoming HTTP cookie values in PHP, where cookie names are url-decoded. This may lead...

Easy Adress Book Web Server Buffer Overflow

Easy Adress Book Web Server suffers from a vulnerability while processing a user-supplied cookie, specifically the UserID parameter, which allows the attacker to cause a buffer overflow and result a crash or gain arbitrary code execution under the context of the user. This was originally discover...

"Misfortune Cookie" Broadband Router Vulnerability

Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device. Users and administrators are encouraged to review...

kernel: sctp: duplicate cookie handling NULL pointer dereference

The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...

PHPCMS V9 sys_auth()multiple SQL injection vulnerabilities-vulnerability warning-the black bar safety net

by Flyh4t mail: phpsechotmail.com A description of Syria: the phpcms use sysauth function plus decryption of the cookie information,system more files directly from the cookie in the Get variables into the program flow. Due to the sysauth function in the design and use of the process in the presen...

Low: Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Updated tomcat packages that fix several security issues are now available for Red Hat Network Satellite Server 5.2 and 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pag...