4 matches found
CVE-2024-47703
CVE-2024-47703 — Linux kernel (bpf, lsm): The vulnerability stems from a BPF LSM return value not being checked, which could cause a kernel panic when a BPF prog attached to file_alloc_security returns a positive value that is misinterpreted as a file pointer. The issue was addressed by adding a ...
GHSA-PXG6-PF52-XH8X cookie accepts cookie name, path, and domain with out of bounds characters
Impact: The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize"userName=alert'XSS3'; Max-Age=2592000; a", value would result in "userName=alert'XSS3'; Max-Age=2592000; a=test", setting userName cookie to and ignoring value. ...
CVE-2024-47764
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
CVE-2021-3998
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...