2577 matches found
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user with respect to the original host that issued the redirect...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
Moderate: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
ALSA-2026:19143 Moderate: libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
ALSA-2026:19356 Moderate: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...
RHEL 9 : libsoup (RHSA-2026:19356)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19356 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...
Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for glib2 (CVE-2025-13601), libsoup (CVE-2025-14523, CVE-2026-0719, CVE-2026-1761), libpng (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293), python-urllib3 (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441), gnupg2 (CVE-2025-68973)
Security update provided in Brocade ASCG3.4.0b Base OS OVA Deployment for glib2 CVE-2025-13601, libsoup CVE-2025-14523, CVE-2026-0719, CVE-2026-1761, libpng CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, python-urllib3 CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, gnupg2 CVE-2025-68973 Product...
RHEL 10 : libsoup3 (RHSA-2026:19143)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19143 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup,...
Moderate: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...
CLSA-2026-1778836031 libsoup: Fix of CVE-2026-2708
CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...
RHSA-2026:17482 Red Hat Security Advisory: libsoup3 security update
Bulletin has no description...
CLSA-2026-1778772686 libsoup: Fix of CVE-2026-2369
CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
CLSA-2026-1778662869 libsoup: Fix of CVE-2026-2369
CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...
The vulnerability of the library that accesses HTTP servers via LibSoup allows a perpetrator to gain access to confidential data or cause service failures.
The vulnerability of the LibSoup library for HTTP servers is related to a countable loss of significance. Exploiting this vulnerability could allow an attacker to gain access to confidential data or cause service failures...
RockyLinux 10 : libsoup3 (RLSA-2026:15968)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:15968 advisory. libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server CVE-2026-4271 libsoup: libsoup: Information disclosure via cleartext transmissi...
libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...