
159 matches found

Debian
added 2020/10/06 9:42 p.m., 73 views

[SECURITY] [DLA 2397-1] php7.0 security update

Debian LTS Advisory DLA-2397-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez October 06, 2020 https://wiki.debian.org/LTS Package : php7.0 Version : 7.0.33-0+deb9u10 CVE ID : CVE-2020-7070 A vulnerability was discovered in PHP, a server-side, HTML-embedded...

CVSS 5.3, AI score 6.6, EPSS 0.05029
Exploits: 1
RedhatCVE
added 2020/10/06 9:20 p.m., 66 views

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being...

CVSS 5, AI score 1.3, EPSS 0.05029
Exploits: 2, References: 3
AlpineLinux
added 2020/10/02 2:14 p.m., 38 views

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being...

CVSS 5.3, AI score 6.8, EPSS 0.05029
Exploits: 1
Tenable Nessus
added 2020/07/21 12:00 a.m., 38 views

NewStart CGSL MAIN 6.01 : python3 Multiple Vulnerabilities (NS-SA-2020-0030)

The remote NewStart CGSL host, running version MAIN 6.01, has python3 packages installed that are affected by multiple vulnerabilities: - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into...

CVSS 7.5, AI score 7.3, EPSS 0.05366
Exploits: 1, References: 3
Tenable Nessus
added 2020/03/06 12:00 a.m., 26 views

Debian DLA-2132-1 : libzypp security update

It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials. For Debian 8 'Jessie', this issue has been fixed in libzypp version 14.29.1-2+deb8u1. We recommend that you upgrade your libzypp...

CVSS 4, AI score 6.1, EPSS 0.00301
Exploits: 0, References: 3
Debian
added 2020/03/04 2:33 a.m., 61 views

[SECURITY] [DLA 2132-1] libzypp security update

Package : libzypp Version : 14.29.1-2+deb8u1 CVE ID : CVE-2019-18900 It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials. For Debian 8 "Jessie", this issue has been fixed in libzypp...

CVSS 4, AI score 3.6, EPSS 0.00301
Exploits: 0
NVD
added 2020/02/08 5:15 p.m., 20 views

CVE-2014-9126

Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php...

CVSS 6.1, AI score 6.1, EPSS 0.01066
Exploits: 3, References: 1
Prion
added 2020/02/08 5:15 p.m., 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php...

CVSS 4.3, AI score 6, EPSS 0.01066
Exploits: 3, References: 1, Affected Software: 1
Cvelist
added 2020/02/08 4:23 p.m., 23 views

CVE-2014-9126

Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php...

AI score 6.1, EPSS 0.01066
Exploits: 3, References: 1
NVD
added 2019/09/10 9:15 p.m., 19 views

CVE-2019-11668

HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51,...

CVSS 7.5, AI score 7.5, EPSS 0.01071
Exploits: 0, References: 1
Prion
added 2019/09/10 9:15 p.m., 21 views

Design/Logic Flaw

HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51,...

CVSS 5, AI score 7.5, EPSS 0.01071
Exploits: 0, References: 1, Affected Software: 3
CVE
added 2019/09/10 8:25 p.m., 112 views

CVE-2019-11668

CVE-2019-11668 involves an HTTP cookie issue in Micro Focus Service Manager and related Chat Server/Chat Service components. Affected versions are Service Manager 9.30–9.62, Chat Server 9.41, 9.50–9.52, 9.60–9.62, and Chat Service 9.41, 9.50–9.52, 9.60–9.62. The Red Hat entry and related records ...

CVSS 7.5, AI score 7.5, EPSS 0.01071
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/09/10 8:25 p.m., 22 views

CVE-2019-11668

HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51,...

AI score 7.6, EPSS 0.01071
Exploits: 0, References: 1
OSV
added 2019/08/26 3:15 p.m., 3 views

CVE-2019-14300

Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...

CVSS 9.8, AI score 7.8, EPSS 0.0312
Exploits: 0, References: 3
Prion
added 2019/08/26 3:15 p.m., 22 views

Buffer overflow

Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...

CVSS 7.5, AI score 9.5, EPSS 0.0312
Exploits: 0, References: 3, Affected Software: 4
Packet Storm
added 2019/07/01 12:00 a.m., 168 views

FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure

FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure. Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16; Firmware 5.7.2 build 568 Algorithm A14; Firmware 5.7.0 build 539 Algorithm A14. Summary: FaceSentry 5AN...

AI score 1.2
Exploits: 0
Prion
added 2018/07/03 2:29 p.m., 11 views

SQL injection

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter...

CVSS 6.8, AI score 9.1, EPSS 0.00974
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2018/07/03 2:00 p.m., 55 views

CVE-2018-7772

The CVE-2018-7772 issue affects Schneider Electric U.motion Builder (pre-1.3.4) and is caused by SQL injection in the loginSeed handling within applets exposed via the web service. The underlying SQLite query used to verify a user is logged in is vulnerable and can be embedded in the HTTP cookie,...

CVSS 8.8, AI score 8.8, EPSS 0.00974
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2017/10/18 4:57 p.m., 8 views

nodejs-tough-cookie: Regular expression denial of service

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...

CVSS 7.5, AI score 7.1, EPSS 0.03283
Exploits: 0, References: 5
Prion
added 2017/07/21 2:29 p.m., 22 views

Cross site scripting

The eshopcheckout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target P...

CVSS 4.3, AI score 6.2, EPSS 0.01291
Exploits: 2, References: 2, Affected Software: 1