Lucene search
+L

314 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-0148

Malware in sbrugna...

7.5CVSS6.1AI score0.01405EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-9474

Malware in sbrugna...

5.9CVSS5.8AI score0.01301EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-5628

Malware in sbrugna...

5.9CVSS7.5AI score0.01344EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2002-0707

Malware in sbrugna...

5CVSS6.2AI score0.02303EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-4865

Malware in sbrugna...

4.3CVSS6.4AI score0.01236EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0479

Malicious code in bioql PyPI...

4.5CVSS6.2AI score0.00765EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-53001

Malicious code in bioql PyPI...

8.6CVSS6.5AI score0.00591EPSS
Exploits0References3
OSV
OSV
added 2025/09/24 7:21 p.m.7 views

GO-2025-3972 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly...

6.9CVSS7.1AI score0.00315EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/17 8:42 p.m.1 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Proxy authentication. An attacker can obtain sensitive authentication information by exploiting differences in response times during password validation. Remediation Upgrade...

6.9CVSS6.7AI score0.00315EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:42 p.m.1 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Proxy authentication. An attacker can obtain sensitive authentication information by exploiting differences in response times during password validation. Remediation Upgrade d7y.io/dragonfly/v2/client/daemon/proxy ...

6.9CVSS6.7AI score0.00315EPSS
Exploits0References2
OSV
OSV
added 2025/09/17 8:2 p.m.5 views

GHSA-C2FC-9Q9C-5486 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

Impact The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...

6.9CVSS7.1AI score0.00315EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/17 7:43 p.m.2 views

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS6.6AI score0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/17 7:43 p.m.10 views

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS0.00315EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/16 12:59 a.m.3 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

6.8CVSS7.2AI score0.0056EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/09/08 1:27 a.m.4 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

6.8CVSS7.2AI score0.0056EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/07/30 7:41 p.m.18 views

OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

Impact This vulnerability affects oauth2-proxy deployments using the skipauthroutes configuration option with regex patterns. The vulnerability allows attackers to bypass authentication by crafting URLs with query parameters that satisfy the configured regex patterns, potentially gaining...

9.1CVSS6.6AI score0.01133EPSS
Exploits1References8Affected Software1
Amazon
Amazon
added 2025/07/10 12:0 a.m.7 views

Medium: oci-add-hooks

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...

6.8CVSS7AI score0.0056EPSS
Exploits0
OSV
OSV
added 2025/07/04 2:43 p.m.7 views

OESA-2025-1742 golang security update

. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673...

6.8CVSS7AI score0.0056EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 3: mod_auth_mellon (TSSA-2022:0100)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0100 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References4
OSV
OSV
added 2025/06/11 5:15 p.m.8 views

AZL-63716 CVE-2025-4673 affecting package golang for versions less than 1.18.8-9

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS6.8AI score0.0056EPSS
Exploits0References1
Rows per page
Query Builder