
1149 matches found

NVD
added 2022/07/06 12:15 p.m. · 16 views

CVE-2022-32290

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...

4.3 CVSS · 0.00216 EPSS
Exploits: 0 · References: 2
Prion
added 2022/07/06 12:15 p.m. · 21 views

Design/Logic Flaw

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...

3.3 CVSS · 5 AI score · 0.00216 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2022/07/06 11:12 a.m. · 34 views

CVE-2022-32290

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...

5.3 AI score · 0.00216 EPSS
Exploits: 0 · References: 2
CVE
added 2022/07/06 11:12 a.m. · 416 views

CVE-2022-32290

CVE-2022-32290 affects Northern.tech Mender client versions 3.2.0–3.2.2. The issue is incorrect access control where the Mender Client exposes an HTTP proxy on a non-localhost TCP port across all network interfaces. This allows any device on the same network to connect to the proxy and forward AP...

4.3 CVSS · 5 AI score · 0.00216 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OpenVAS
added 2022/07/06 12:0 a.m. · 9 views

Fedora: Security Advisory for golang-github-google-martian (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 8.9 AI score · 0.05994 EPSS
Exploits: 3 · References: 2
Fedora
added 2022/07/04 1:35 a.m. · 23 views

[SECURITY] Fedora 36 Update: golang-github-google-martian-3.1.0-9.fc36

Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...

9.3 CVSS · 8 AI score · 0.05994 EPSS
Exploits: 4
OSV
added 2022/06/20 6:20 p.m. · 9 views

MAL-2022-3699 Malicious code in http-proxy-middelware (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65e99094fb073abe6ba8b6c790b2c93d2ac8cb7154d1d0f104fcc995e14bfabd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1
Github Security Blog
added 2022/05/24 10:1 p.m. · 18 views

Play Framework Inadequate Encryption Strength vulnerability

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

7.5 CVSS · 1.2 AI score · 0.00698 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2022/05/21 12:15 a.m. · 29 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

6.5 CVSS · 0.00793 EPSS
Exploits: 0 · References: 2
Prion
added 2022/05/21 12:15 a.m. · 14 views

Server-side request forgery (SSRF)

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

6.4 CVSS · 6.5 AI score · 0.00793 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2022/05/20 11:50 p.m. · 32 views

CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

5.3 CVSS · 6.8 AI score · 0.00793 EPSS
Exploits: 0 · References: 2
CVE
added 2022/05/20 11:50 p.m. · 78 views

CVE-2022-29188

CVE-2022-29188: Smokescreen’s HTTP proxy could bypass its deny-list when a hostname is wrapped in square brackets (e.g., [example.com]). The issue is limited to the HTTP proxy functionality; HTTPS traffic is unaffected. Concrete details across connected sources confirm the vulnerability exi...

6.5 CVSS · 5.8 AI score · 0.00793 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2022/05/20 11:50 p.m. · 7 views

CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

5.3 CVSS · 6.5 AI score · 0.00793 EPSS
Exploits: 0 · References: 2
OSV
added 2022/05/20 11:50 p.m. · 37 views

CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

5.3 CVSS · 6.5 AI score · 0.00793 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2022/05/20 12:0 a.m. · 6 views

PT-2022-19440 · Unknown · Smokescreen

Name of the Vulnerable Software and Affected Versions: Smokescreen versions prior to 0.0.4 Description: Smokescreen is an HTTP proxy designed to prevent server-side request forgery (SSRF) attacks. It also offers a deny list feature to restrict access to external URLs. However, an issue allowed...

6.5 CVSS · 7.3 AI score · 0.00793 EPSS
Exploits: 0 · References: 7
OSV
added 2022/05/13 1:23 a.m. · 2 views

GHSA-V646-RX6W-R3QQ Improper Access Control in Apache Tomcat

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

8.1 CVSS · 6.9 AI score · 0.50896 EPSS
Exploits: 0 · References: 36
OpenVAS
added 2022/05/08 12:0 a.m. · 11 views

Fedora: Security Advisory for golang-github-grpc-ecosystem-gateway-2 (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 10 AI score · 0.03931 EPSS
Exploits: 0 · References: 2
NVD
added 2022/04/19 8:15 p.m. · 18 views

CVE-2022-24825

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...

5.8 CVSS · 0.00868 EPSS
Exploits: 0 · References: 2
CVE
added 2022/04/19 7:45 p.m. · 102 views

CVE-2022-24825

Smokescreen SSRF bypass: The deny-list protection can be bypassed by appending a dot to the end of user-supplied URLs or by using different letter case. This affects the library github.com/stripe/smokescreen; remediation is to upgrade to version 0.0.3 or later. The issue enables bypassing SSRF de...

5.8 CVSS · 5.4 AI score · 0.00868 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2022/04/19 7:45 p.m. · 25 views

CVE-2022-24825 Smokescreen SSRF via deny list bypass

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...

5.8 CVSS · 5.6 AI score · 0.00868 EPSS
Exploits: 0 · References: 4