21 matches found
SUSE CVE-2026-42498
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...
CVE-2026-42498
CVE-2026-42498 affects Apache Tomcat across multiple branches (7.0.83–7.0.109, 8.5.24–8.5.100, 9.0.2–9.0.117, 10.1.0-M1–10.1.54, 11.0.0-M1–11.0.21). Root cause: exposure of the HTTP Authentication header to unintended hosts during WebSocket authentication, enabling header leakage when a WebSocket...
Improper Validation of Syntactic Correctness of Input
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid...
EulerOS Virtualization 2.13.0 : sudo (EulerOS-SA-2025-2600)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: sudo (UTSA-2025-345443)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-345443 advisory. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on...
EulerOS 2.0 SP12 : sudo (EulerOS-SA-2025-2029)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...
EulerOS 2.0 SP10 : sudo (EulerOS-SA-2025-2116)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2025-2121)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...
EulerOS 2.0 SP11 : sudo (EulerOS-SA-2025-1944)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...
EulerOS 2.0 SP11 : sudo (EulerOS-SA-2025-1970)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...
CLSA-2025-1753799668 Fix CVE(s): CVE-2025-32462
SECURITY UPDATE: unauthorized commands execution on unintended hosts - debian/patches/CVE-2025-32462.patch: restrict user from setting remote host for command unless listing privileges - CVE-2025-32462...
Important: sudo
Issue Overview: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. CVE-2025-32462 Affected Packages: sudo Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
OESA-2025-1737 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.17p1, when used with a sudoers file that...
DEBIAN-CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...
AZL-64461 CVE-2025-32462 affecting package sudo for versions less than 1.9.17-1
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...
Astra Linux – Vulnerability in sudo
Before version 1.9.17p1, when the sudo command was used together with a sudoers file that specified a host that was neither the current host nor ALL, it allowed listed users to execute commands on unintended machines...
Authorization HTTP Header Leakage
Urllib3 is vulnerable to Information Disclosure. The vulnerability exists in cross-origin redirects, due to authorization HTTP header leakage. This can result in the authorization header being leaked to unintended hosts after a redirect, which results in information disclosure. This vulnerability...
Authorization
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...
GHSA-WWW2-V7XJ-XRC6 Exposure of Sensitive Information to an Unauthorized Actor in urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...