RedHat Linux
added 2024/07/23 3:32 p.m.

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

CVSS 6.5 | AI score 6.7 | EPSS 0.01141
Exploits 1 | References 4
RedHat Linux
added 2024/07/09 12:55 p.m.

libreswan: IKEv1 default AH/ESP responder can crash and restart

A flaw was found in Libreswan: an assertion failure in the compute_proto_keymat function. It can be triggered when an IKEv1 connection is loaded with the default AH/ESP setting, i.e. when no esp= line is present in the connection. This flaw allows an...

CVSS 6.5 | AI score 6.3 | EPSS 0.008
Exploits 0 | References 5
RedHat Linux
added 2024/06/23 10:38 p.m.

libreswan: IKEv1 default AH/ESP responder can crash and restart

A flaw was found in Libreswan: an assertion failure in the compute_proto_keymat function. It can be triggered when an IKEv1 connection is loaded with the default AH/ESP setting, i.e. when no esp= line is present in the connection. This flaw allows an...

CVSS 6.5 | AI score 6.3 | EPSS 0.008
Exploits 0 | References 5
Microsoft CVE
added 2024/04/22 7:00 a.m.

IKEv1 default AH/ESP responder can cause libreswan to abort and restart

...

CVSS 6.5 | AI score 6.7 | EPSS 0.008
Exploits 0
BDU FSTEC
added 2024/04/10 12:00 a.m.

The vulnerability in the HTTP/1.1 client of the Node.js software platform arises from insufficient protection of service data due to improper clearing of Proxy-Authorization headers. This allows attackers to escalate their privileges.

The vulnerability in Undici, the HTTP/1.1 client for Node.js, is related to insufficient protection of service data due to improper clearing of Proxy-Authorization headers. Exploiting this vulnerability can allow a remote attacker to escalate their privileges...

CVSS 5.1 | AI score 6.5 | EPSS 0.00765
Exploits 0 | References 7 | Affected Software 2
OSV
added 2024/03/14 5:15 p.m.

DEBIAN-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during cross-domain redirects but keeps the proxy-authorization header, which contains credentials...

CVSS 6.5 | AI score 6.5 | EPSS 0.01044
Exploits 1 | References 1
OSV
added 2024/03/14 5:15 p.m.

UBUNTU-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during cross-domain redirects but keeps the proxy-authorization header, which contains credentials...

CVSS 6.5 | AI score 6.7 | EPSS 0.01044
Exploits 1 | References 8
Debian CVE
added 2024/03/14 5:07 p.m.

CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during cross-domain redirects but keeps the proxy-authorization header, which contains credentials...

CVSS 6.5 | AI score 6.7 | EPSS 0.01044
Exploits 1
Veracode
added 2024/03/14 10:57 a.m.

Stack-based Buffer Overflow

libmicrohttpd.so is vulnerable to a stack-based buffer overflow. The vulnerability is due to a boundary error when handling overly long authentication headers in the MHD_digest_auth_check function. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a...

CVSS 5.1 | AI score 8.2 | EPSS 0.03277
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2024/03/14 12:00 a.m.

PT-2024-2572

Name of the Vulnerable Software and Affected Versions: follow-redirects versions prior to 1.15.6. Description: The issue is related to insufficient protection of sensitive data in the follow-redirects module, which is a drop-in replacement for Node's http and https modules. This module automatically...

CVSS 6.8 | AI score 6.5 | EPSS 0.01044
Exploits 1 | References 34
CNNVD
added 2024/03/14 12:00 a.m.

Follow Redirects Information Disclosure Vulnerability

Follow Redirects is a Node.js module that automatically follows HTTP and HTTPS redirects. An information disclosure vulnerability exists in versions of Follow Redirects prior to 1.15.6, which stems from the fact that follow-redirects only clears the authorization header during cross-domain redirects and...

CVSS 6.5 | AI score 6.3 | EPSS 0.01044
Exploits 1 | References 12
OSV
added 2024/02/15 3:32 p.m.

GHSA-CW9J-Q3VF-HRRV Scrapy authorization header leakage on cross-domain redirect

Impact: When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Scrapy's built-in redirect middleware creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain...

CVSS 7.5 | AI score 7.1 | EPSS 0.00642
Exploits 1 | References 5
RedHat Linux
added 2023/11/14 3:51 p.m.

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALID_SPI is sent back. The notify payload's protocol ID is copied from...

CVSS 6.5 | AI score 5.8 | EPSS 0.00691
Exploits 0 | References 6
Tenable Nessus
added 2023/07/25 12:00 a.m.

Cisco MDS 9000 NX-OS Software Denial of Service (CVE-2013-5566)

Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. This plugin only works with Tenable.ot. Please vis...

CVSS 5 | AI score 7 | EPSS 0.01885
Exploits 0 | References 3
CNNVD
added 2023/06/01 12:00 a.m.

JetBrains Ktor framework security vulnerability

JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor framework versions prior to 2.3.1, which stems from the fact that a header carrying authentication data could be included in an exception message...

CVSS 3.3 | AI score 4.8 | EPSS 0.0021
Exploits 0 | References 2
OSV
added 2023/04/27 2:02 p.m.

GHSA-558P-M34M-VPMQ Potential leak of authentication data to 3rd parties

Impact: Users of the typed-rest-client library version 1.7.3 or lower can leak authentication data to 3rd parties. The flow of the vulnerability is as follows: 1. Send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler. 2. The target...

CVSS 9.1 | AI score 8.1 | EPSS 0.02224
Exploits 0 | References 6
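The urllib3, Undici, follow-redirects, Scrapy and typed-rest-client entries above all describe one bug class: an HTTP client follows a redirect to a different origin and re-sends credential-bearing request headers to it. The block below is an added example, not code from any of those projects, of the policy a redirect-following client needs. It uses only the Python standard library and assumes request headers are a plain dict; the function names are illustrative. Authorization, Proxy-Authorization (the RFC 7235 name for the header carrying proxy credentials) and Cookie are treated as credentials and dropped whenever scheme, host or effective port changes, which also covers an https-to-http downgrade on the same host, and the decision is made per hop so a later redirect back to the first origin does not resurrect them.

```python
"""Added example (not from urllib3, undici, follow-redirects, Scrapy or
typed-rest-client): compute the headers a client may re-send when following
a redirect, dropping credentials on any cross-origin hop."""
from urllib.parse import urljoin, urlsplit

# Request headers that carry credentials and must not cross an origin boundary.
# Header names are compared case-insensitively, as HTTP requires.
CREDENTIAL_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, effective port). Default ports are normalised so
    https://a/ and https://a:443/ compare equal; a missing host becomes ""."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def redirect_headers(request_url, headers, location):
    """Resolve Location against the original URL (it may be relative) and
    return (target_url, headers_to_send).

    Same origin: every header is kept. Different origin, which includes a
    host change, a port change or an https -> http downgrade on the same
    host: the credential headers are dropped.
    """
    target = urljoin(request_url, location)
    if origin(request_url) == origin(target):
        return target, dict(headers)
    stripped = {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
    return target, stripped


def follow(request_url, headers, redirect_chain):
    """Apply the policy at every hop of a redirect chain. Once a hop strips
    the credentials they stay stripped, even if a later hop returns to the
    original origin: the client must not re-attach them from memory."""
    url, current = request_url, dict(headers)
    for location in redirect_chain:
        url, current = redirect_headers(url, current, location)
    return url, current


if __name__ == "__main__":
    # Constructed sample request: a bearer token, proxy credentials and a cookie.
    sample_headers = {
        "Authorization": "Bearer t0k3n",
        "Proxy-Authorization": "Basic cHJveHk6cHc=",
        "Cookie": "session=abc",
        "Accept": "application/json",
    }
    # Constructed chain: a same-origin hop, then a hop to a different host.
    chain = ["/v2/items", "https://cdn.example.net/items.json"]
    print(follow("https://api.example.com/v1/items", sample_headers, chain))
```

The origin comparison is deliberately strict: sub.example.com is a different origin from example.com, and a client that relaxes this to "same registrable domain" reintroduces the leak to any host under that domain. Auditing an HTTP client for this class of bug means locating the code path that builds the follow-up request and confirming it runs an equivalent check against the resolved Location, not against the raw header value.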
OSV
added 2023/02/20 5:15 p.m.

UBUNTU-CVE-2022-47909

Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost...

CVSS 7.8 | AI score 7.1 | EPSS 0.00392
Exploits 2 | References 3
SUSE CVE
added 2023/02/15 5:33 a.m.

SUSE CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...

CVSS 7.3 | AI score 8.5 | EPSS 0.03277
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:28 a.m.

SUSE CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3 | AI score 5.8 | EPSS 0.02083
Exploits 0 | References 3
Positive Technologies
added 2022/10/14 12:00 a.m.

PT-2022-36681 · Git +1 · Curl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack buffer overflow error, as indicated by the crash type 'Stack-buffer-overflow WRITE'. The crash state points to functions...

AI score 7.6
Exploits 0 | References 2