
10 matches found

RedHat Linux
added 2025/05/07 12:48 p.m. | 1 view

python-werkzeug: cookie prefixed with = can shadow unprefixed cookie

A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...

3.5 CVSS | 7.1 AI score | 0.00267 EPSS
Exploits 0 | References 7

OSV
added 2024/10/14 4:15 p.m. | 1 view

DEBIAN-CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

5.3 CVSS | 6.3 AI score | 0.01189 EPSS
Exploits 1 | References 1

CNNVD
added 2023/08/15 12:0 a.m. | 2 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome prior to version 116.0.5845.96, which originates from the presence of out-of-bounds memory access in Skia, allowing remote attackers to cause the browser to shut down via a...

8.8 CVSS | 8.3 AI score | 0.39284 EPSS
Exploits 0 | References 11

Github Security Blog
added 2023/02/15 3:37 p.m. | 145 views

Incorrect parsing of nameless cookies leads to __Host- cookies bypass

Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain. Werkzeug <= 2.2.2 will parse the cookie =__Host-test=bad as...

3.5 CVSS | 6 AI score | 0.00267 EPSS
Exploits 0 | References 8 | Affected Software 1

UbuntuCve
added 2023/02/14 8:15 p.m. | 24 views

CVE-2023-23934

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain...

3.5 CVSS | 6.8 AI score | 0.00267 EPSS
Exploits 0 | References 6

Cvelist
added 2023/02/14 7:56 p.m. | 20 views

CVE-2023-23934 Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain...

2.6 CVSS | 5.5 AI score | 0.00267 EPSS
Exploits 0 | References 5

CNNVD
added 2022/07/05 12:0 a.m. | 3 views

Fortinet FortiEDR Cross-Site Scripting Vulnerability

Fortinet FortiEDR is a built-from-scratch endpoint security solution from US-based Fortinet. Fortinet FortiEDR suffers from a cross-site scripting vulnerability that stems from insufficient cleansing of user-supplied data. A remote attacker could exploit the vulnerability to trick a victim into...

5.4 CVSS | 5.9 AI score | 0.002 EPSS
Exploits 0 | References 4

IBM Security Bulletins
added 2021/07/23 3:10 p.m. | 38 views

Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)

Summary: IBM i2 Analyst's Notebook Premium uses a browser component version with known vulnerabilities. Vulnerability Details: CVEID: CVE-2020-16013. DESCRIPTION: Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading ...

9.6 CVSS | 3.1 AI score | 0.93031 EPSS
Exploits 5 | Affected Software 1

The Hacker News
added 2012/02/13 5:7 p.m. | 11 views

Cryptome Webpages infected with Blackhole exploit kit

Cryptome.org, a popular website similar to Wikileaks, was hacked by cybercriminals. Attackers were able to hide malicious scripts on every one of the site's 6,000 pages. Anyone visiting with a vulnerable browser will have found themselv...

6.8 AI score
Exploits 0

Saint
added 2009/07/13 12:0 a.m. | 42 views

Mozilla Firefox JIT Escape Function Memory Corruption

Added: 07/13/2009. CVE: CVE-2009-2477. BID: 35660. OSVDB: 55846. Background: Mozilla is a suite of Internet client products available for multiple platforms. Problem: A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and...

9.3 CVSS | 9.8 AI score | 0.83306 EPSS
Exploits 9