Lucene search
K

32 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:0 a.m.6 views

Security Bulletin: tough-cookie Prototype Pollution Vulnerability in CookieJar, affects watsonx.data

Summary ough-cookie versions prior to 4.1.3 are vulnerable to prototype pollution when using CookieJar with rejectPublicSuffixes=false due to improper object initialization. Fixed in version 4.1.3. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Versions of t...

9.8CVSS6.7AI score0.02542EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-26136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in...

9.8CVSS6.7AI score0.02542EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:50 p.m.12 views

Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in ToughCookie via Grafana (CVE-2023-26136)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-26136 Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Versions of the package tough-cookie before 4.1.3 are vulnerable to...

9.8CVSS6.7AI score0.02542EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added 2025/06/18 7:27 a.m.774 views

Exploit for Prototype Pollution in Salesforce Tough-Cookie

CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...

9.8CVSS7.1AI score0.02542EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 10:37 a.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution

Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8CVSS8.3AI score0.02542EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.26 views

RHEL 8 : tough-cookie (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tough-cookie: prototype pollution in cookie memstore CVE-2023-26136 Note that Nessus has not tested for this issue...

9.8CVSS6.9AI score0.02542EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2024/04/05 12:0 a.m.31 views

Mageia: Security Advisory (MGASA-2024-0080)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.02542EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:31 p.m.112 views

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...

9.8CVSS10AI score0.0434EPSS
Exploits5Affected Software1
OSV
OSV
added 2024/03/22 12:19 a.m.16 views

MGASA-2024-0080 Updated nodejs-tough-cookie packages fix security vulnerability

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. CVE-2023-26136...

9.8CVSS6.6AI score0.02542EPSS
Exploits2References3
Mageia
Mageia
added 2024/03/22 12:19 a.m.57 views

Updated nodejs-tough-cookie packages fix security vulnerability

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. CVE-2023-26136...

9.8CVSS6.8AI score0.02542EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2024/02/28 12:0 a.m.28 views

Fedora: Security Advisory (FEDORA-2024-28fc0c2ef4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.02542EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2024/02/28 12:0 a.m.34 views

Fedora: Security Advisory for yarnpkg (FEDORA-2024-5ecc250449)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.02542EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 1:37 p.m.38 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable toSalesforce tough-cookie arbitrary code execution vulnerabilitiy [CVE-2023-26136]

Summary Potential Salesforce tough-cookie arbitrary code execution vulnerabilitiy have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2023-26136 Vulnerability Details...

9.8CVSS8.5AI score0.02542EPSS
Exploits2Affected Software1
Circl
Circl
added 2023/12/06 10:47 a.m.6 views

CVE-2023-26136

creationtimestamp| type| source ---|---|--- 2023-12-06 10:47:06+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6094 2023-12-07 12:25:57+00:00| seen| https://t.me/arpsyndicate/1537 2025-02-04 16:00:09+00:00| published-proof-of-concept|...

9.8CVSS6.1AI score0.02542EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2023/11/15 1:25 a.m.65 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.2 security and bug fix update

The Migration Toolkit for Containers MTC 1.8.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS6.6AI score0.02761EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2023/10/31 12:54 p.m.54 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.8CVSS7AI score0.99999EPSS
Exploits29References1323
RedHat Linux
RedHat Linux
added 2023/10/24 12:2 p.m.48 views

Important: Red Hat Security Advisory: Logging Subsystem 5.5.17 - Red Hat OpenShift security update

Logging Subsystem 5.5.17 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS7AI score0.99999EPSS
Exploits21References6
RedHat Linux
RedHat Linux
added 2023/10/20 4:11 a.m.47 views

Important: Red Hat Security Advisory: Logging Subsystem 5.6.12 - Red Hat OpenShift security update

Logging Subsystem 5.6.12 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS7AI score0.99999EPSS
Exploits21References10
Tenable Nessus
Tenable Nessus
added 2023/10/06 12:0 a.m.65 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8 (Important) (RHSA-2023:5485)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5485 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS6.8AI score0.02761EPSS
Exploits4References33
RedHat Linux
RedHat Linux
added 2023/10/05 8:23 p.m.57 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS6.7AI score0.02761EPSS
Exploits4References25
Rows per page
Query Builder