476 matches found
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
UBUNTU-CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
The CVE-2024-1551 issue is a header-injection vulnerability in Set-Cookie handling within multipart HTTP responses. The root cause is that an attacker able to control the Content-Type header and part of the response body could inject Set-Cookie headers that the browser would honor. Affected produ...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
Mozilla Firefox < 123.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior...
Security Vulnerabilities fixed in Firefox 123 — Mozilla
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...
Security Vulnerabilities fixed in Firefox ESR 115.8 — Mozilla
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an HTTP header injection vulnerability that stems from a Set-Cookie response header being incorrectly executed in a multipart HTTP response, which can be exploited by an...
Mozilla Firefox < 123.0
The version of Firefox installed on the remote Windows host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: Thi...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-051-01)
The version of mozilla-firefox installed on the remote host is prior to 115.8.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-051-01 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused,...
Mozilla Thunderbird < 115.8
The version of Thunderbird installed on the remote Windows host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-07 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.Note:...
Mozilla Firefox ESR < 115.8
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-06 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined...
GHSA-9XFW-JJQ2-7V8H 1Panel set-cookie is missing the Secure keyword
Summary The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure PoC Directly configure https for the panel, and the...
1Panel set-cookie is missing the Secure keyword
Summary The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure PoC Directly configure https for the panel, and the...
RHCOS 4 : OpenShift Container Platform 4.11.43 (RHSA-2023:3541)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3541 advisory. - cri-o: incorrect handling of the supplementary groups CVE-2022-2995 - flask: Possible disclosure of permanent session cookie due t...
python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server
A denial of service flaw was found in Python Charmers Future. This flaw allows an attacker to send a specially crafted Set-Cookie header in an HTTP request, resulting in a loss of system availability...