1133 matches found
CVE-2025-46809
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...
CVE-2025-54581
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...
CVE-2025-46809
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...
CVE-2025-46809 Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...
CVE-2025-46809
CVE-2025-46809 is a vulnerability described as plaintext storage of a password: it exposes HTTP proxy credentials found in log files for SUSE Manager components. The affected items include container images and modules such as suse/manager/4.3/proxy-httpd, suse/manager/5.0/x86_64/proxy-httpd and -...
CVE-2025-46809 Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...
PT-2025-31552 · Suse · Suse Multi Linux Manager +5
Name of the Vulnerable Software and Affected Versions: SUSE Multi Linux Manager versions prior to 5.0.27-150600.3.33.1 Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.87-150400.3.110.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prior to 4.3.87-150400.3.110.2 Image...
CVE-2025-54581
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...
CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...
CVE-2025-54581
vproxy CVE-2025-54581 affects versions 2.3.3 and earlier, where untrusted data from the HTTP Proxy-Authorization header can be parsed as a TTL value. If ttl is 0 (e.g., via a username like 'configuredUser-ttl-0'), the modulo operation timestamp % ttl causes a division-by-zero panic, leading to a ...
CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...
vproxy Divide by Zero DoS Vulnerability
Summary Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed ...
GHSA-7H24-C332-P48C vproxy Divide by Zero DoS Vulnerability
Summary Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed ...
PT-2025-31441 · Vproxy · Vproxy
Name of the Vulnerable Software and Affected Versions: vproxy versions 2.3.3 and below Description: vproxy is an HTTP/HTTPS/SOCKS5 proxy server. Untrusted data from the user-controlled HTTP Proxy-Authorization header is passed to Extension::try from and then to parse ttl extension where it is...
curl: HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling
Summary A logic flaw in libcurl version 8.14.1 allows an attacker to bypass restrictive HTTP proxy firewalls by "tunneling" an arbitrary HTTP verb within a CONNECT request. By setting CURLOPTCUSTOMREQUEST to CONNECT for a standard http:// URL, an attacker can trick libcurl into creating a hybrid...
AZL-64367 CVE-2025-6442 affecting package rubygem-webrick for versions less than 1.7.0-2
Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is affected by multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. HTTP Proxy bypass using IPv6 Zone IDs can improperly treat an IPv6 zone ID as a hostname component CVE-2025-22870. Spring Framework...
TencentOS Server 2: curl (TSSA-2023:0311)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0311 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
MAL-2025-4834 Malicious code in http-proxy-error (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7998e5d5542dec49e826d015f403fed34b411fdd9e28030aea1c3aa0fc4657ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in http-proxy-error (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7998e5d5542dec49e826d015f403fed34b411fdd9e28030aea1c3aa0fc4657ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...