urllib3: proxy-authorization request header is not stripped during cross-origin redirects
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...
PT-2024-5715 · Microsoft · Windows Resource Manager Psm Service Extension +1
Name of the Vulnerable Software and Affected Versions: Windows Resource Manager PSM Service Extension affected versions not specified Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. This can allow an attacker t...
go-retryablehttp: url might write sensitive information to log file
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...
The vulnerability of the rpm-ostree package allows unauthorized access to authentication data on Red Hat Enterprise Linux and Fedora operating systems.
The vulnerability of the rpm-ostree package in Red Hat Enterprise Linux and Fedora systems is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to authentication data...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from some authentication information being written to a log file, so that by spoofing external communications, this information could be...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates when some authentication information between programs within the multifunction device is written directly into the program, so that this...
The vulnerability of the CMS system Netcat, related to the manipulation of inter-site requests, allows a hacker to set arbitrary values for authentication data and execute arbitrary code.
The vulnerability of the CMS system Netcat is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to set arbitrary values for authentication data to access the 1C data import module and execute arbitrary code...
The vulnerability of the hyper-converged infrastructure of IBM Storage Fusion HCI, related to the use of strictly encrypted authentication data, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the hyper-converged infrastructure of IBM Storage Fusion HCI is related to the use of strictly encrypted account data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
rpm-ostree: world-readable /etc/shadow file
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...
tine Security Vulnerability
tine is a team collaboration software from tine, Inc. A security vulnerability exists in versions of tine prior to 2023.11.8, which stems from a vulnerability that allows remote attackers to obtain sensitive authentication information via setup.php...
The vulnerability of the AVerCaster video encoding device, related to the transmission of authentication information in an open manner, allows an intruder to gain unauthorized access to the protected information.
The vulnerability of the AVerCaster video encoding device lies in the transmission of authentication information in an open manner. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the protected information...