162 matches found

RedHat Linux · added 2022/10/06 12:26 p.m. · 3 views

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

CVSS 8.8 · AI score 7.2 · EPSS 0.01646
Exploits 1 · References 5

RedHat Linux · added 2022/07/01 12:07 a.m. · 4 views

curl: auth/cookie leak on redirect

A vulnerability was found in curl. This security flaw allows leaking authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...

CVSS 6.5 · AI score 7.2 · EPSS 0.03425
Exploits 1 · References 5

RedHat Linux · added 2022/06/30 9:00 p.m. · 4 views

curl: auth/cookie leak on redirect

A vulnerability was found in curl. This security flaw allows leaking authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...

CVSS 6.5 · AI score 7.2 · EPSS 0.03425
Exploits 1 · References 5

Positive Technologies · added 2022/06/14 12:00 a.m. · 7 views

PT-2022-5538 · D-Link · D-Link DIR-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03. Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of...

CVSS 8.8 · AI score 8.8 · EPSS 0.01006
Exploits 0 · References 6

AttackerKB · added 2022/03/03 7:15 p.m. · 8 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1, in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

CVSS 5.3 · AI score 6 · EPSS 0.01098
Exploits 1 · References 3

CNNVD · added 2021/11/02 12:00 a.m. · 5 views

Couchbase Server cryptographic issue vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that primarily supports data querying, full-text searching, and active global replication. A cryptographic issue vulnerability exists in Couchbase Server, which stems from the inclusion of plaintext...

CVSS 7.5 · AI score 7.3 · EPSS 0.00588
Exploits 0 · References 3

OSV · added 2021/10/06 6:15 p.m. · 2 views

PYSEC-2021-363

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware, i.e. the http_user and http_pass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS 6.5 · AI score 7.2 · EPSS 0.01196
Exploits 0 · References 4

NVD · added 2021/08/12 3:15 p.m. · 10 views

CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...

CVSS 5.5 · EPSS 0.00604
Exploits 0 · References 2

OSV · added 2021/08/12 3:15 p.m. · 6 views

CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...

CVSS 5.4 · AI score 7.1 · EPSS 0.00604
Exploits 0 · References 2

Cvelist · added 2021/08/12 2:27 p.m. · 20 views

CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...

AI score 6 · EPSS 0.00604
Exploits 0 · References 2

CVE · added 2021/08/12 2:27 p.m. · 50 views

CVE-2021-27791

CVE-2021-27791 affects Brocade Fabric OS Web application service prior to v9.0.1a and v8.2.3a. The parsing of the Authentication header can mishandle a malformed header, causing memory addresses outside the intended range to be read. An unauthenticated attacker could bypass authentication as a re...

CVSS 5.5 · AI score 5.7 · EPSS 0.00604
Exploits 0 · References 2 · Affected Software 1

CNNVD · added 2021/05/17 12:00 a.m. · 4 views

Brocade Fabric OS buffer error vulnerability

Brocade Fabric OS (FOS) is an embedded operating system used in switches, routers, and other devices from Brocade. Brocade Fabric OS suffers from a buffer error vulnerability, which can be exploited by an attacker to force an invalid address to be read via the Authentication Header of Brocade Fabri...

CVSS 5.5 · AI score 6.8 · EPSS 0.00604
Exploits 0 · References 4

Broadcom · added 2021/05/10 12:00 a.m. · 10 views

Brocade Fabric OS Web application service fails to properly process malformed authentication headers resulting in reading memory addresses outside the intended range. (CVE-2021-27791)

Security Advisory ID: BSA-2021-1491. Component: Web Application Service. Revision: 1.1. The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...

CVSS 4.3 · AI score 6.6 · EPSS 0.00604
Exploits 0

Cvelist · added 2021/04/30 11:44 a.m. · 65 views

CVE-2020-24918

A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header in libamprotocol-rtsp.so.1 in rtspsvc or cause a...

AI score 10 · EPSS 0.04358
Exploits 1 · References 4

OSV · added 2021/04/07 11:02 a.m. · 4 views

OESA-2021-1126 python-httplib2 security update

httplib2 is a comprehensive HTTP client library; httplib2.py supports many features left out of other HTTP libraries. Security Fixes: httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0"...

CVSS 7.5 · AI score 7 · EPSS 0.03876
Exploits 1 · References 2

OSV · added 2021/02/08 8:15 p.m. · 2 views

DEBIAN-CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0" characters in the "www-authenticate" header may cause a Denial of Service (CPU burn) while parsing the header in the httplib2 client accessing said...

CVSS 7.5 · AI score 7.6 · EPSS 0.03876
Exploits 1 · References 1

OSV · added 2021/02/08 8:15 p.m. · 2 views

UBUNTU-CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0" characters in the "www-authenticate" header may cause a Denial of Service (CPU burn) while parsing the header in the httplib2 client accessing said...

CVSS 7.5 · AI score 7.1 · EPSS 0.03876
Exploits 1 · References 5

Positive Technologies · added 2021/02/08 12:00 a.m. · 10 views

PT-2021-6101

Name of the Vulnerable Software and Affected Versions: httplib2 versions prior to 0.19.0. Description: A malicious server which responds with a long series of "\xa0" characters in the www-authenticate header may cause a Denial of Service (CPU burn) while parsing the header in the httplib2 client accessing said...

CVSS 7.8 · AI score 6.8 · EPSS 0.03876
Exploits 1 · References 51

RedHat Linux · added 2020/02/19 7:36 a.m. · 55 views

curl: HTTP authentication leak in redirects

It was found that curl and libcurl might send their Authentication header to a third-party HTTP server upon receiving an HTTP REDIRECT reply. This could leak the authentication token to external entities...

CVSS 9.8 · AI score 7.3 · EPSS 0.08031
Exploits 0 · References 5

OpenVAS · added 2020/01/23 12:00 a.m. · 28 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1002)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 8.5 · EPSS 0.08031
Exploits 0 · References 2
