Lucene search
K

104 matches found

Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

FreeBSD Security Advisory - FreeBSD-SA-25:08.openssl

FreeBSD Security Advisory - FreeBSD includes software from the OpenSSL Project. OpenSSL suffers from some new vulnerabilities. An application trying to decrypt cryptographic message syntax CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. A timing...

7.5CVSS7.1AI score0.02234EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.4 views

OpenSSL Security Advisory 20250930

OpenSSL Security Advisory 20250930 - An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the "noproxy" environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address...

7.5CVSS6.9AI score0.02234EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.10 views

PT-2025-39988

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0.16 through 3.5.0 EDK II affected versions not specified Description An issue has been identified in OpenSSL where an application using the HTTP client API functions may trigger an out-of-bounds read if the no proxy...

9.1CVSS7.1AI score0.75116EPSS
Exploits3References81
FreeBSD
FreeBSD
added 2025/09/30 12:0 a.m.16 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports reports: Out-of-bounds read & write in RFC 3211 KEK Unwrap Timing side-channel in SM2 algorithm on 64-bit ARM Fix Out-of-bounds read in HTTP client noproxy handling...

7.5CVSS7AI score0.02234EPSS
Exploits0References1
OSV
OSV
added 2025/04/18 1:49 p.m.4 views

OESA-2025-1427 golang security update

. Security Fixes: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied.CVE-2025-22870...

4.4CVSS6.9AI score0.00384EPSS
Exploits2References2
OSV
OSV
added 2025/03/12 7:15 p.m.5 views

AZL-58443 CVE-2025-22870 affecting package vitess for versions less than 19.0.4-7

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.6 views

AZL-58452 CVE-2025-22870 affecting package golang for versions less than 1.18.8-8

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.5 views

AZL-58402 CVE-2025-22870 affecting package vitess for versions less than 17.0.7-7

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.10 views

AZL-58404 CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-5

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.8 views

AZL-58392 CVE-2025-22870 affecting package golang for versions less than 1.22.7-4

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.6 views

AZL-58472 CVE-2025-22870 affecting package prometheus for versions less than 2.45.4-12

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.7 views

AZL-58469 CVE-2025-22870 affecting package packer for versions less than 1.9.5-9

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.4 views

AZL-58419 CVE-2025-22870 affecting package influxdb for versions less than 2.7.5-4

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.10 views

AZL-58396 CVE-2025-22870 affecting package packer for versions less than 1.9.5-12

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.6 views

AZL-58446 CVE-2025-22870 affecting package git-lfs for versions less than 3.6.1-2

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.6 views

AZL-58380 CVE-2025-22870 affecting package git-lfs for versions less than 3.5.1-5

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS7.1AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.7 views

AZL-58416 CVE-2025-22870 affecting package telegraf for versions less than 1.31.0-7

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.4 views

AZL-58386 CVE-2025-22870 affecting package influxdb for versions less than 2.6.1-22

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.6AI score0.00384EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2025/03/12 7:15 p.m.4 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.7AI score0.00384EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2025/03/12 7:15 p.m.4 views

DEBIAN-CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.3AI score0.00384EPSS
Exploits2References1
Rows per page
Query Builder