11 matches found
CVE-2026-26076
ntpd-rs (Network Time Protocol) is vulnerable prior to versions 1.7.1. An unauthenticated remote attacker can craft malformed NTS packets, causing the server to expend significantly more effort by requesting a large number of cookies, leading to degraded performance even under load. The issue is ...
CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
PYSEC-2024-196
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Updated libsoup packages fix security vulnerability
It was discovered that libsoup versions 2.63.2 and prior incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service CVE-2018-12910...
Debian: Security Advisory (DLA-1416-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1416-1] libsoup2.4 security update
Package : libsoup2.4 Version : 2.48.0-1+deb8u2 CVE ID : CVE-2018-12910 It was discovered that the Soup HTTP library performed insuffient validation of cookie requests which could result in an out-of-bounds memory read. For Debian 8 "Jessie", these problems have been fixed in version...
Debian DSA-4241-1 : libsoup2.4 - security update
It was discovered that the Soup HTTP library performed insufficient validation of cookie requests which could result in an out-of-bounds memory read. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4241. The...
[SECURITY] [DSA 4241-1] libsoup2.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4241-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2018 https://www.debian.org/security/faq -...
USN-3701-1 libsoup2.4 vulnerability
It was discovered that libsoup incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service...
Mail responds to cookie requests — Mozilla
Mozilla mail clients from March to December 2004 responded to cookie requests accompanying content loaded over HTTP, ignoring the setting of the preference "network.cookie.disableCookieForMailNews" disabled cookies are the default in mail...