Lucene search
K

12 matches found

Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48380

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...

9.6CVSS6AI score0.00406EPSS
Exploits0References15
Microsoft CVE
Microsoft CVE
added 2023/12/11 8:0 a.m.2 views

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain.

...

6.5CVSS6.7AI score0.01685EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/12/07 2:5 a.m.4 views

SUSE CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

4.2CVSS6.8AI score0.01685EPSS
Exploits1References41
OSV
OSV
added 2023/12/07 1:15 a.m.9 views

AZL-32126 CVE-2023-46218 affecting package mysql for versions less than 8.0.35-2

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.6AI score0.01685EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/12/07 1:15 a.m.5 views

CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS5.7AI score0.01685EPSS
Exploits1References8Affected Software1
curl security advisories
curl security advisories
added 2023/12/06 8:0 a.m.7 views

cookie mixed case PSL bypass

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.5AI score0.01685EPSS
Exploits1References1Affected Software2
Amazon
Amazon
added 2023/10/17 12:0 a.m.17 views

Important: ecs-service-connect-agent

Issue Overview: An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curleasyduphandle, is used to duplicate the easyhandle associated with a transfer. If a duplicated transfer's easyhandle has...

8.1CVSS8AI score0.99999EPSS
Exploits19
OSV
OSV
added 2022/09/23 2:15 p.m.1 views

DEBIAN-CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

3.7CVSS6.3AI score0.01839EPSS
Exploits1References1
OSV
OSV
added 2022/09/23 2:15 p.m.2 views

ALPINE-CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

3.7CVSS6.9AI score0.01839EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/09/23 12:0 a.m.5 views

CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

7AI score0.01839EPSS
Exploits1References8
curl security advisories
curl security advisories
added 2022/08/31 8:0 a.m.6 views

control code in cookie denial of service

When curl retrieves and parses cookies from an HTTPS server, it accepts cookies using control codes byte values below 32. When cookies that contain such control codes are later sent back to an HTTPS server, it might make the server return a 400 response. Effectively allowing a "sister site" to de...

3.7CVSS6.3AI score0.01839EPSS
Exploits1References1Affected Software2
UbuntuCve
UbuntuCve
added 2016/11/02 12:0 a.m.30 views

CVE-2016-8623

A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure...

7.5CVSS6.7AI score0.02602EPSS
Exploits0References3
Rows per page
Query Builder