Lucene search
K

534 matches found

GithubExploit
GithubExploit
added 2025/11/02 9:42 a.m.517 views

Exploit for Server-generated Error Message Containing Sensitive Information in Squid-Cache Squid

CVE-2025-62168Squid Proxy Information Disclosure in Error hand...

10CVSS6.8AI score0.6332EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/10/30 1:37 a.m.6 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.6332EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/10/28 12:21 p.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.6332EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/10/28 6:59 a.m.8 views

CVE-2025-24934

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

5.4CVSS6.7AI score0.00197EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/10/28 1:56 a.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.6332EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/10/28 1:49 a.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.6332EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/10/28 1:18 a.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.6332EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/10/27 4:55 p.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.6332EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/22 6:30 p.m.8 views

EUVD-2025-35613

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

5.4CVSS6.2AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 6:15 p.m.11 views

CVE-2025-24934

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

5.4CVSS0.00197EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 5:43 p.m.12 views

CVE-2025-24934

CVE-2025-24934 affects FreeBSD kernels. When SO_REUSEPORT_LB is used and a socket is connected, the kernel can place it into a load-balancing group and may deliver incoming packets to sockets that are connected to a different host, breaking the contract that connected sockets only receive packets...

5.4CVSS6.3AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/22 5:43 p.m.5 views

CVE-2025-24934 SO_REUSEPORT_LB breaks connect(2) for UDP sockets

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

6.3AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 5:43 p.m.12 views

CVE-2025-24934 SO_REUSEPORT_LB breaks connect(2) for UDP sockets

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

0.00197EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.7 views

FreeBSD Security Advisory - FreeBSD-SA-25:09.netinet

FreeBSD Security Advisory - Connected sockets are not intended to belong to load-balancing groups. However, the kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel...

5.4CVSS6.7AI score0.00197EPSS
Exploits0
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.7 views

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system from the FreeBSD Foundation. A security vulnerability exists in FreeBSD, which stems from the kernel adding sockets to a load balancing group without checking the connection state, and matching load balancing group sockets while connected, which could lead ...

5.4CVSS6.3AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.7 views

PT-2025-43393

Name of the Vulnerable Software and Affected Versions versions prior to kernel release containing the fix affected versions not specified Description A flaw exists where the kernel does not properly validate the connection state of sockets when adding them to load-balancing groups created using t...

5.4CVSS6.3AI score0.00197EPSS
Exploits0References7
FreeBSD
FreeBSD
added 2025/10/22 12:0 a.m.7 views

FreeBSD -- SO_REUSEPORT_LB breaks connect(2) for UDP sockets

Problem Description: Connected sockets are not intended to belong to load-balancing groups. However, the kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel will...

5.4CVSS6.8AI score0.00197EPSS
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2025/10/22 12:0 a.m.7 views

FreeBSD-SA-25:09.netinet

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-25:09.netinet Security Advisory The FreeBSD Project Topic: SOREUSEPORTLB breaks connect2 for UDP sockets Category: core Module: netinet Announced: 2025-10-22...

5.4CVSS5.9AI score0.00197EPSS
Exploits0
CVE
CVE
added 2025/10/17 4:21 p.m.600 views

CVE-2025-62168

Squid (proxy/cache) prior to version 7.2 is affected by information disclosure due to failure to redact HTTP authentication credentials in error handling. The vulnerability can allow a remote, unauthenticated attacker to learn credentials or tokens used by a trusted client or internal web applica...

10CVSS6.4AI score0.6332EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2025/10/17 4:21 p.m.3 views

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

10CVSS6.8AI score0.6332EPSS
Exploits1References3
Rows per page
Query Builder