curl: Proxy CONNECT response poisoning via authentication retry in cf-h1-proxy.c (libcurl)

Summary: When an HTTP/1.x proxy returns a 407 with no Content-Length and no chunked transfer-encoding, lib/cf-h1-proxy.c singleheader sets ts-keepon = KEEPONDONE but never sets ts-closeconnection = TRUE. Because ts-closeconnection and conn-bits.close both stay false, the CONNECT tunnel state...

curl: HTTP/2 proxy CONNECT tunnel unbounded 1xx chain (missing Curl_bump_headersize cap in cf-h2-proxy.c)

A malicious HTTPS-on-HTTP/2 proxy can grow a libcurl client's resident set without bound during the CONNECT phase by streaming 1xx informational responses. The CVE-2023-38039 cap MAXHTTPRESPHEADERSIZE, 300 KiB, enforced through Curlbumpheadersize is not applied on the HTTP/2 proxy path. The HTTP/...

FreeBSD : Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF (30bda1c3-369b-11f1-b51c-6dd25bec137b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 30bda1c3-369b-11f1-b51c-6dd25bec137b advisory. Seth Larson reports: HTTP proxy via CONNECT tunneling doesn't sanitize CR/LF CVE-2026-1502. Tenable has...

EUVD-2026-20908

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

SonicWALL SMA1000 安全漏洞

SonicWALL SMA1000 is a series of security mobile access solutions developed by the American company SonicWALL. It simplifies end-to-end secure remote access for enterprise resources across local, cloud, and hybrid data centers. There is a security vulnerability in SonicWall SMA1000, which stems...

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability that arises from the transmission of sensitive session cookies in plaintext during the initial HTTP CONNECT request when an HTTPS tunnel is established through a configured HTTP proxy. This could lead to...

Envoy forwards early CONNECT data in TCP proxy mode

Summary Forwarding of early CONNECT data in TCP proxy mode. Details Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...

EUVD-2025-201099

Envoy forwards early CONNECT data in TCP proxy mode...

EUVD-2025-11550

Malicious code in bioql PyPI...

SonicWall Connect Tunnel Windows Client Improper Link Resolution (SNWLID-2025-0007)

According to its self-reported version, the installed SonicWall Connect Tunnel client is vulnerable to an improper link resolution vulnerability: - A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit client, this results in unauthorized file...

The vulnerability of the software client for network access provisioning in SonicWall Connect Tunnel allows a hacker to trigger a service failure.

The vulnerability of the software client for network access provisioning in SonicWall Connect Tunnel is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow a hacker to cause a service failure...

CVE-2025-32817

A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption...

SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2025-32817

A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption...

CVE-2025-32817

A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption...

CVE-2025-32817

A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption...

CVE-2025-32817

CVE-2025-32817 is an "Improper Link Resolution" (CWE-59) vulnerability in the SonicWall Connect Tunnel Windows client (32/64 bit). The connected documents confirm the root cause as improper link resolution that may allow unauthorized file overwrite, potentially causing denial of service or file c...

SonicWall Connect Tunnel Windows Client Improper Link Resolution Vulnerability

A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit Client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. CVE: CVE-2025-32817 Last updated: April 16, 2025, 12:30 p.m...