539 matches found
Fedora 45 : libsoup3 (2026-6fb683df94)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6fb683df94 advisory. Automatic update for libsoup3-3.6.6-6.fc45. Changelog Thu Mar 19 2026 Milan Crha - 3.6.6-6 - Add patch for CVE-2026-1539 Also remove Proxy-Authorization head...
OPENSUSE-SU-2026:20384-1 Security update for libsoup
This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...
RockyLinux 8 : python27:2.7 (RLSA-2023:7042)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7042 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the RockyLinux...
MiracleLinux 9 : fence-agents-4.10.0-98.el9_7.10 (AXBA:2026-317:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-317:06 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is...
PT-2026-26175
Summary ewe's chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9 header names. Security-sensitive headers like authorization, cookie, and x-forwarded-for can be injected or overwritten by a malicious client...
CVE-2026-3784
CVE-2026-3784 affects curl where an HTTP proxy connection reused during a CONNECT request with different proxy credentials. This is the underlying issue described in the initial CVE entry: a separate connection should be used when credentials differ. Connected feeds indicate a patch is available ...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2026:0811-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0811-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...
RLSA-2023:7034 Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RLSA-2023:7050 Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python38:3.8 and python38-devel:3.8 security update
An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-wcwidth, module.python-ply, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy,...
RockyLinux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:7050)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7050 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...
USN-8020-1: libsoup vulnerabilities
It was discovered that libsoup did not correctly handle certain URL-decoded input, which could allow for HTTP header injection. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-1467, CVE-2026-1536 It was discovered that libsoup did n...
Medium: python3.13-pip
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1412)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1412 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expecte...
SUSE CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
UBUNTU-CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...