EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1438)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1463)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

Ubuntu: Security Advisory (USN-5894-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Curl Use-After-Free < 7.87 (CVE-2022-43552)

The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by a use-after-free vulnerability. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to...

Tenable SecurityCenter 5.22.0 / 5.23.1 Multiple Vulnerabilities (TNS-2023-05)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.22.0 or 5.23.1 and is therefore affected by multiple vulnerabilities in curl starting with 7.77.0 and before 7.86.0: - If curl is told to use an HTTP proxy for a transfer with ...

K02692210: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2017-6157

Security Advisory Description BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...

K57111075: TMM vulnerability CVE-2022-23021

Security Advisory Description When any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile...

K26351280: HTTP proxy client implementations vulnerability VU#905344

Security Advisory Description HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context o...

K24358905: BIG-IP AFM virtual server vulnerability CVE-2022-23018

Security Advisory Description When a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23018 Impact Traffic is disrupted while the TMM process restarts. This...

SUSE CVE-2012-5580

Format string vulnerability in the printproxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the httpproxy environment...

SUSE CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

SUSE CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

SUSE CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

SUSE CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

SUSE CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

SUSE CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

SUSE CVE-2022-32210

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...

CVE-2022-43552

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

AZL-37981 CVE-2022-43552 affecting package tensorflow for versions less than 2.16.1-1

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

AZL-13284 CVE-2022-43552 affecting package curl for versions less than 7.86.0-3

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...