156 matches found

OSV
added 2024/03/14 5:15 p.m. · 1 view

DEBIAN-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect but keeps the proxy-authentication header, which contains credentials...

CVSS 6.5 · AI score 6.5 · EPSS 0.01077
Exploits 1 · References 1

OSV
added 2024/03/14 5:15 p.m. · 0 views

UBUNTU-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect but keeps the proxy-authentication header, which contains credentials...

CVSS 6.5 · AI score 6.7 · EPSS 0.01077
Exploits 1 · References 8

Debian CVE
added 2024/03/14 5:07 p.m. · 33 views

CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect but keeps the proxy-authentication header, which contains credentials...

CVSS 6.5 · AI score 6.7 · EPSS 0.01077
Exploits 1

Veracode
added 2024/03/14 10:57 a.m. · 21 views

Stack-based Buffer Overflow

libmicrohttpd.so is vulnerable to a stack-based buffer overflow. The vulnerability is due to a boundary error when handling overly long authentication headers in the MHD_digest_auth_check function. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a...

CVSS 5.1 · AI score 8.2 · EPSS 0.02385
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/03/14 12:00 a.m. · 0 views

Follow Redirects Information Disclosure Vulnerability

Follow Redirects is a Node.js module that automatically follows HTTPS redirects. An information disclosure vulnerability exists in versions of Follow Redirects prior to 1.15.6, which stems from the fact that follow-redirects only clears the authorization header during cross-domain redirects and...

CVSS 6.5 · AI score 6.3 · EPSS 0.01077
Exploits 1 · References 12

Positive Technologies
added 2024/03/14 12:00 a.m. · 3 views

PT-2024-2572

Name of the Vulnerable Software and Affected Versions: follow-redirects versions prior to 1.15.6. Description: The issue is related to insufficient protection of sensitive data in the follow-redirects module, which is a drop-in replacement for Node's http and https modules. This module automatically...

CVSS 6.8 · AI score 6.5 · EPSS 0.01077
Exploits 1 · References 34

OSV
added 2024/02/15 3:32 p.m. · 7 views

GHSA-CW9J-Q3VF-HRRV Scrapy authorization header leakage on cross-domain redirect

Impact: When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Scrapy’s built-in redirect middleware creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain...

CVSS 7.5 · AI score 7.1 · EPSS 0.00121
Exploits 1 · References 5

RedHat Linux
added 2023/11/14 3:51 p.m. · 3 views

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALID_SPI is sent back. The notify payload's protocol ID is copied from...

CVSS 6.5 · AI score 5.8 · EPSS 0.00062
Exploits 0 · References 6

Tenable Nessus
added 2023/07/25 12:00 a.m. · 20 views

Cisco MDS 9000 NX-OS Software Denial of Service (CVE-2013-5566)

Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. This plugin only works with Tenable.ot. Please vis...

CVSS 5 · AI score 7 · EPSS 0.01141
Exploits 0 · References 3

CNNVD
added 2023/06/01 12:00 a.m. · 2 views

JetBrains Ktor framework Security Vulnerability

JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor framework versions prior to 2.3.1, which stems from the fact that a header carrying authentication data can be added to an exception message...

CVSS 3.3 · AI score 4.8 · EPSS 0.00001
Exploits 0 · References 2

OSV
added 2023/04/27 2:02 p.m. · 24 views

GHSA-558P-M34M-VPMQ Potential leak of authentication data to 3rd parties

Impact: Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leaking authentication data to 3rd parties. The flow of the vulnerability is as follows: 1. Send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler. 2. The target...

CVSS 9.1 · AI score 8.1 · EPSS 0.09124
Exploits 0 · References 6

OSV
added 2023/02/20 5:15 p.m. · 1 view

UBUNTU-CVE-2022-47909

Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost...

CVSS 7.8 · AI score 7.1 · EPSS 0.00262
Exploits 2 · References 3

SUSE CVE
added 2023/02/15 5:33 a.m. · 1 view

SUSE CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...

CVSS 7.3 · AI score 8.5 · EPSS 0.02385
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:28 a.m. · 2 views

SUSE CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3 · AI score 5.8 · EPSS 0.00445
Exploits 0 · References 3

Positive Technologies
added 2022/10/14 12:00 a.m. · 3 views

PT-2022-36681 · Git +1 · Curl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack buffer overflow error, as indicated by the crash type 'Stack-buffer-overflow WRITE'. The crash state points to functions...

AI score 7.6
Exploits 0 · References 2

RedHat Linux
added 2022/10/06 12:26 p.m. · 1 view

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

CVSS 8.8 · AI score 7.2 · EPSS 0.0029
Exploits 1 · References 5

RedHat Linux
added 2022/07/01 12:07 a.m. · 2 views

curl: auth/cookie leak on redirect

A vulnerability was found in curl. This security flaw allows leaking authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...

CVSS 6.5 · AI score 7.2 · EPSS 0.00682
Exploits 1 · References 5

RedHat Linux
added 2022/06/30 9:00 p.m. · 2 views

curl: auth/cookie leak on redirect

A vulnerability was found in curl. This security flaw allows leaking authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...

CVSS 6.5 · AI score 7.2 · EPSS 0.00682
Exploits 1 · References 5

Positive Technologies
added 2022/06/14 12:00 a.m. · 3 views

PT-2022-5538 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03. Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of...

CVSS 8.8 · AI score 8.8 · EPSS 0.01075
Exploits 0 · References 6

ATTACKERKB
added 2022/03/03 7:15 p.m. · 5 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1, in the 'StartAuthentication' resource, expose the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

CVSS 5.3 · AI score 6 · EPSS 0.00256
Exploits 1 · References 3
