314 matches found
EUVD-2005-0148
Malware in sbrugna...
EUVD-2017-9474
Malware in sbrugna...
EUVD-2016-5628
Malware in sbrugna...
EUVD-2002-0707
Malware in sbrugna...
EUVD-2005-4865
Malware in sbrugna...
EUVD-2024-0479
Malicious code in bioql PyPI...
EUVD-2024-53001
Malicious code in bioql PyPI...
GO-2025-3972 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the Proxy authentication. An attacker can obtain sensitive authentication information by exploiting differences in response times during password validation. Remediation Upgrade...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the Proxy authentication. An attacker can obtain sensitive authentication information by exploiting differences in response times during password validation. Remediation Upgrade d7y.io/dragonfly/v2/client/daemon/proxy ...
GHSA-C2FC-9Q9C-5486 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Impact The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...
CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
net/http: Sensitive headers not cleared on cross-origin redirect in net/http
A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...
net/http: Sensitive headers not cleared on cross-origin redirect in net/http
A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
Impact This vulnerability affects oauth2-proxy deployments using the skipauthroutes configuration option with regex patterns. The vulnerability allows attackers to bypass authentication by crafting URLs with query parameters that satisfy the configured regex patterns, potentially gaining...
Medium: oci-add-hooks
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...
OESA-2025-1742 golang security update
. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673...
TencentOS Server 3: mod_auth_mellon (TSSA-2022:0100)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0100 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
AZL-63716 CVE-2025-4673 affecting package golang for versions less than 1.18.8-9
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...