162 matches found
node-fetch: exposure of sensitive information to an unauthorized actor
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...
curl: auth/cookie leak on redirect
A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...
curl: auth/cookie leak on redirect
A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...
PT-2022-5538 · D Link · D-Link Dir-1935
Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of...
CVE-2022-22700
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...
Couchbase Server 加密问题漏洞
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that primarily supports data querying, full-text searching, and active global replication. A cryptographic issue vulnerability exists in Couchbase Server, which stems from the inclusion of plaintext...
PYSEC-2021-363
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
CVE-2021-27791
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...
CVE-2021-27791
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...
CVE-2021-27791
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...
CVE-2021-27791
CVE-2021-27791 affects Brocade Fabric OS Web application service prior to v9.0.1a and v8.2.3a. The parsing of the Authentication header can mishandle a malformed header, causing memory addresses outside the intended range to be read. An unauthenticated attacker could bypass authentication as a re...
Brocade Fabric OS 缓冲区错误漏洞
Brocade Fabric OS FOS is an embedded operating system used in switches, routers, and other devices from Brocade. Brocade Fabric OS suffers from a buffer error vulnerability, which can be exploited by an attacker to force an invalid address to be read via the Authentication Header of Brocade Fabri...
Brocade Fabric OS Web application service fails to properly process malformed authentication headers resulting in reading memory addresses outside the intended range. (CVE-2021-27791)
Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.1 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
CVE-2020-24918
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parseauthenticationheader in libamprotocol-rtsp.so.1 in rtspsvc or cause a...
OESA-2021-1126 python-httplib2 security update
httplib2 is a comprehensive HTTP client library, httplib2.py supports many features left out of other HTTP libraries. Security Fixes: httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0"...
DEBIAN-CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
UBUNTU-CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
PT-2021-6101
Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.19.0 Description A malicious server which responds with long series of xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
curl: HTTP authentication leak in redirects
It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1002)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...