538 matches found
CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
CVE-2026-1539 Libsoup: libsoup: credential leakage via http redirects
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
libsoup security vulnerabilities
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability that stems from failing to remove the Proxy-Authorization header when handling HTTP redirection, which may lead to the exposure of proxy credentials...
Medium: python3-urllib3
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...
MiracleLinux 7 : python-urllib3-1.10.2-7.0.1.el7.AXS7 (AXSA:2024-9026:07)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9026:07 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...
MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2023-7324:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7324:01 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...
MiracleLinux 9 : python-requests-2.25.1-7.el9 (AXSA:2023-6284:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6284:01 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : python3.11-urllib3-1.26.12-2.el9.1 (AXSA:2024-9170:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9170:04 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...
MiracleLinux 8 : python-requests-2.20.0-3.el8 (AXSA:2023-6324:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6324:02 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : python-pip-9.0.3-8.0.1.el7.AXS7 (AXSA:2024-8982:05)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8982:05 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...
MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2023-7325:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7325:03 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...
MiracleLinux 9 : python3.12-urllib3-1.26.18-2.el9.1 (AXSA:2024-9270:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9270:02 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...
MiracleLinux 8 : python3.12-urllib3-1.26.19-1.el8_10 (AXSA:2024-8976:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8976:01 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...
EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2025-2616)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...
EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2025-2510)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected...
TencentOS Server 3: python3.11-urllib3 (TSSA-2024:0797)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0797 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: python-urllib3 (TSSA-2024:0551)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0551 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: git-lfs (TSSA-2025:0730)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0730 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-13057)
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN database admin privileges for certain databases but wants to maintain isolation e.g., for multi-tenant deployments, slapd does not properly stop a rootDN from requesting authorization a...
EUVD-2014-0098
Malware in sbrugna...