14 matches found
EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2025-2621)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target...
EUVD-2014-0213
Malware in sbrugna...
EUVD-2004-2569
Malware in sbrugna...
EUVD-2011-4767
Malware in sbrugna...
EUVD-2024-0604
Malicious code in bioql PyPI...
EUVD-2022-5629
Malicious code in bioql PyPI...
CVE-2025-49189 Cookie missing HttpOnly flag
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...
CVE-2024-43177
IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute...
CVE-2024-24768
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6...
SUSE-SU-2024:1444-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that led PHP to consider not secure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)...
CVE-2023-45718
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...
Important: firefox
Issue Overview: Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. (CVE-2021-28429) A vulnerability was found in expat. With this flaw, it is possible to create a...
CVE-2004-2578
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords...
Important: Red Hat Security Advisory: : Updated kdelibs packages resolve cookie security issue
Updated kdelibs packages that fix a flaw in cookie path handling are now available. Konqueror is a file manager and Web browser for the K Desktop Environment (KDE). Flaws have been found in the cookie path handling between a number of Web browsers and servers. The HTTP cookie standard allows a Web...