
1610 matches found

RedHat Linux
added 2025/02/03 1:5 a.m., 9 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.4, AI score 7.1, EPSS 0.0015
Exploits 1, References 2
IBM Security Bulletins
added 2025/01/30 11:4 a.m., 8 views

Security Bulletin: Vulnerability in Async Http Client affects watsonx.data

Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2017-14063 DESCRIPTION: Async Http Client aka async-http-client could allow a remote attacker to bypass security...

CVSS 7.5, AI score 6.5, EPSS 0.02826
Exploits 0, Affected Software 1
AlmaLinux
added 2025/01/30 12:0 a.m., 9 views

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict CVE-2024-52531 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

CVSS 8.4, AI score 9.3, EPSS 0.0015
Exploits 1, References 4
RedHat Linux
added 2025/01/29 11:48 a.m., 19 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.4, AI score 7.1, EPSS 0.0015
Exploits 1, References 2
AlmaLinux
added 2025/01/29 12:0 a.m., 4 views

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict CVE-2024-52531 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

CVSS 8.4, AI score 8.7, EPSS 0.0015
Exploits 1, References 4
NVD
added 2025/01/28 2:15 a.m., 12 views

CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

CVSS 6.1, EPSS 0.00142
Exploits 0, References 6
OSV
added 2025/01/28 2:15 a.m., 9 views

CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

AI score 6.1
Exploits 0, References 6
OSV
added 2025/01/28 2:15 a.m., 2 views

AZL-56005 CVE-2024-45336 affecting package golang for versions less than 1.23.7-1

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

CVSS 6.1, AI score 6.7, EPSS 0.00142
Exploits 0, References 1
AlpineLinux
added 2025/01/28 1:3 a.m., 8 views

CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

CVSS 6.1, AI score 5.6, EPSS 0.00142
Exploits 0
Vulnrichment
added 2025/01/28 1:3 a.m., 6 views

CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

AI score 6.3, EPSS 0.00142
Exploits 0, References 5
RedhatCVE
added 2025/01/21 11:54 p.m., 15 views

CVE-2025-22150

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

CVSS 6.8, AI score 6.3, EPSS 0.00605
Exploits 0, References 10
AlpineLinux
added 2025/01/21 5:46 p.m., 10 views

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8, AI score 7, EPSS 0.00605
Exploits 0
Debian CVE
added 2025/01/21 5:46 p.m., 4 views

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8, AI score 6.3, EPSS 0.00605
Exploits 0
OpenVAS
added 2025/01/21 12:0 a.m., 5 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2025-1128)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 7.7, EPSS 0.00222
Exploits 1, References 2
Tenable Nessus
added 2025/01/21 12:0 a.m., 15 views

EulerOS 2.0 SP8 : python-urllib3 (EulerOS-SA-2025-1128)

According to the versions of the python-urllib3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...

CVSS 6.5, AI score 6.8, EPSS 0.00222
Exploits 1, References 2
OSV
added 2025/01/20 7:34 a.m., 2 views

MAL-2025-165 Malicious code in bbc-http-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 607310f08b0c054bccf0fd5902e86de74b458d5c11110bdb411ac30b04c0db95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSSF Malicious Packages
added 2025/01/20 7:34 a.m., 3 views

Malicious code in bbc-http-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 607310f08b0c054bccf0fd5902e86de74b458d5c11110bdb411ac30b04c0db95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
SUSE CVE
added 2025/01/20 3:52 a.m., 0 views

SUSE CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

CVSS 5.9, AI score 8.1, EPSS 0.00142
Exploits 0, References 17
OSV
added 2025/01/16 7:24 a.m., 13 views

BIT-PYTHON-MIN-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

CVSS 7.2, AI score 8.3, EPSS 0.00903
Exploits 1, References 15
Veracode
added 2025/01/14 11:3 a.m., 5 views

Improper Cache Management

github.com/MicahParks/jwkset is vulnerable to Improper Cache Management. The vulnerability is due to the provided HTTP client's local JWK Set cache failing to perform a full replacement during refresh operations. This allows outdated or revoked keys to remain in the cache, posing a security risk...

CVSS 2.1, AI score 6.5, EPSS 0.00062
Exploits 0, References 6, Affected Software 1