cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:1117-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1117-1 advisory. Update to python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injectio...

Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

PSF-2026-11

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

SUSE CVE-2026-0672

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

AZL-50114 CVE-2024-47764 affecting package reaper for versions less than 3.1.1-13

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

SUSE CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

What are computer cookies?

We all know cookies as tasty baked treats that we love to eat, but computer cookies are quite different. Although they’re most popularly known as just "cookies", they may be referred to as browser cookies, Internet cookies, HTTP cookies, web cookies, computer cookies, or digital cookies. What are...

RSA Authentication Agent (IIS) < 8.0.2 Multiple Vulnerabilities

RSA Authentication Agent for IIS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2018-1232

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the...

Stack overflow

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the...

DNN (DotNetNuke) 5.2.0 < 9.1.1 Multiple Vulnerabilities

The version of DNN Platform formerly DotNetNuke running on the remote host is 5.2.0 or later but prior to 9.1.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to insecure use of web cookies to identify users. An unauthenticated, remote...

WebCookiesSniffer - New cookies sniffer/viewer utility

WebCookiesSniffer - New cookies sniffer/viewer utility WebCookiesSniffer is a new packet sniffer utility that captures all web site cookies sent between the web browser and the web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string...

Researchers Find Browser History-Sniffing Still Ongoing

The practice of history sniffing, which has been seen as out-of-bounds and a serious privacy violation for the better part of a decade now, is still ongoing by some ad networks, researchers have found. A study completed recently by researchers at Stanford University’s Center for Internet and...

Google Fixes 15 Bugs in Chrome, Gives Users Ability to Delete Flash Cookies

Google has fixed more than a dozen security bugs in its Chrome browser, including five high-severity vulnerabilities and one that qualified for the company’s highest bug bounty, a $3133.7 reward. The new version of Chrome has fixes for 15 separate security vulnerabilities, the most critical of...

Mac OS X Terminal Application Unspecified Issue (Security Update 2003-11-04)

The remote host is missing Mac OS X Security Update 2003-11-04. This update fixes a flaw in the Terminal application that may allow a rogue web site to access the web cookies of the user of the remote host. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include"compat.inc";...