CVE-2024-47764 cookie accepts cookie name, path, and domain with out of bounds characters

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

BIT-ASPNET-CORE-2020-1045 Microsoft ASP.NET Core Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update address...

Malicious code in js-cookie-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4db21916d97f75d76cd031171b76c9c5a2223cd3549d141bde479c6babb0569c Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

MAL-2023-539 Malicious code in js-cookie-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4db21916d97f75d76cd031171b76c9c5a2223cd3549d141bde479c6babb0569c Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

curl: CVE-2022-27779: cookie for trailing dot TLD

Summary: In CVE-2014-3620 curl prevents cookies from being set for Top Level Domains TLDs. According to the advisory, curl's "cookie parser has no Public Suffix awareness", but it will "reject TLDs from being allowed". However, a cookie can still be set for a TLD + trailing dot. A trailing dot...

NewStart CGSL MAIN 6.02 : dotnet3.1 Vulnerability (NS-SA-2021-0078)

The remote NewStart CGSL host, running version MAIN 6.02, has dotnet3.1 packages installed that are affected by a vulnerability: - A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie...

CVE-2020-1045

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update address...

Security feature bypass

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update address...

Microsoft .NET Core and ASP.NET Core Security Feature Bypass Vulnerability

Microsoft .NET Core and Microsoft ASP.NET Core are both products of Microsoft Corporation USA. NET Core is a free open source development platform. NET Core is a free open source development platform with multi-language support and cross-platform features.Microsoft ASP.NET Core is a framework of...

Microsoft ASP.NET Core Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update address...

Ruby on Rails: Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies

The rack cookie parser parses the cookie string using unescape. This allows a malicious attacker to set a second cookie with the name being percent encoded. Typically it would be expected that we cannot trust cookies and in most cases that's true. However in a couple of cases certain expectations...

CVE-2019-13193

Some Brother printers such as the HL-L8360CDW v1.20 were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device...

Same Origin Policy Bypass

libcurl.so is vulnerable to same origin policy bypass. This is due to the libcurl's cookie parser having no public suffix awareness, which could allow for cookies to be set for arbitrary sites by setting a cookie for a top-level domain...

For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net

Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...

VulnCheck KEV: CVE-2016-6909

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER...

Fortinet FortiGate Cookie Parser Buffer Overflow Vulnerability (FG-IR-16-023) - Active Check

FortiGate firmware FOS released before Aug 2012 has a cookie parser buffer overflow vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2016-6909

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER...

FortiGate firmware Cookie Parser Buffer Overflow Vulnerability

No description provided by source...

Cookie Parser Buffer Overflow Vulnerability

FortiGate FortiOS: 4.3.8 and below 4.2.12 and below 4.1.10 and below...

SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0990-1)

curl was updated to fix five security issues. The following vulnerabilities were fixed : - CVE-2015-3143: curl could re-use NTML authenticateds connections - CVE-2015-3144: curl could access memory out of bounds with zero length host names - CVE-2015-3145: curl cookie parser could access memory o...