Lucene search
K

2577 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user with respect to the original host that issued the redirect...

6.8CVSS6.8AI score0.00478EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 9:52 p.m.13 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:52 p.m.11 views

Moderate: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 4:16 p.m.11 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/19 4:16 p.m.34 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References5
OSV
OSV
added 2026/05/19 12:0 a.m.9 views

ALSA-2026:19143 Moderate: libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.2CVSS5.9AI score0.00829EPSS
Exploits2References6
OSV
OSV
added 2026/05/19 12:0 a.m.10 views

ALSA-2026:19356 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.10 views

RHEL 9 : libsoup (RHSA-2026:19356)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19356 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

8.2CVSS5.9AI score0.00254EPSS
Exploits1References5
Broadcom
Broadcom
added 2026/05/19 12:0 a.m.26 views

Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for glib2 (CVE-2025-13601), libsoup (CVE-2025-14523, CVE-2026-0719, CVE-2026-1761), libpng (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293),  python-urllib3 (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441), gnupg2 (CVE-2025-68973)

Security update provided in Brocade ASCG3.4.0b Base OS OVA Deployment for glib2 CVE-2025-13601, libsoup CVE-2025-14523, CVE-2026-0719, CVE-2026-1761, libpng CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, python-urllib3 CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, gnupg2 CVE-2025-68973 Product...

8.9CVSS6.8AI score0.02667EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.11 views

RHEL 10 : libsoup3 (RHSA-2026:19143)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19143 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup,...

8.2CVSS5.9AI score0.00829EPSS
Exploits2References7
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.11 views

Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References4
OSV
OSV
added 2026/05/16 5:30 p.m.13 views

CLSA-2026-1778836031 libsoup: Fix of CVE-2026-2708

CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...

5.3CVSS5.8AI score0.00321EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 10:15 a.m.11 views

RHSA-2026:17482 Red Hat Security Advisory: libsoup3 security update

Bulletin has no description...

5.9CVSS5.7AI score0.00829EPSS
Exploits2References13
OSV
OSV
added 2026/05/14 7:56 p.m.8 views

CLSA-2026-1778772686 libsoup: Fix of CVE-2026-2369

CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...

9.1CVSS5.9AI score0.0042EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/14 9:16 a.m.17 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
OSV
OSV
added 2026/05/13 9:1 a.m.11 views

CLSA-2026-1778662869 libsoup: Fix of CVE-2026-2369

CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...

9.1CVSS5.9AI score0.0042EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/05/13 12:0 a.m.3 views

The vulnerability of the library that accesses HTTP servers via LibSoup allows a perpetrator to gain access to confidential data or cause service failures.

The vulnerability of the LibSoup library for HTTP servers is related to a countable loss of significance. Exploiting this vulnerability could allow an attacker to gain access to confidential data or cause service failures...

6.5CVSS6.6AI score0.0042EPSS
Exploits0References9Affected Software5
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.9 views

RockyLinux 10 : libsoup3 (RLSA-2026:15968)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:15968 advisory. libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server CVE-2026-4271 libsoup: libsoup: Information disclosure via cleartext transmissi...

8.2CVSS5.8AI score0.00829EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/05/11 9:39 p.m.42 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/11 9:39 p.m.10 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
Rows per page
Query Builder