534 matches found

OSV
added 2025/09/26 1:8 p.m. | 4 views

OESA-2025-2339 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 5 Summary: A...

CVSS 6.1 | AI score 6.8 | EPSS 0.02782
Exploits: 1 | References: 2

OSV
added 2025/09/26 1:8 p.m. | 4 views

OESA-2025-2338 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 5 Summary: A...

CVSS 6.1 | AI score 6.8 | EPSS 0.02782
Exploits: 1 | References: 2

OSV
added 2025/09/26 1:8 p.m. | 5 views

OESA-2025-2337 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 5 Summary: A...

CVSS 6.1 | AI score 6.8 | EPSS 0.02782
Exploits: 1 | References: 2

OpenVAS
added 2025/09/24 12:0 a.m. | 2 views

Ubuntu: Security Advisory (USN-7762-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.8 | EPSS 0.02782
Exploits: 3 | References: 3

Tenable Nessus
added 2025/09/24 12:0 a.m. | 5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : pip vulnerabilities (USN-7762-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7762-1 advisory. Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could...

CVSS 7.5 | AI score 6.5 | EPSS 0.02782
Exploits: 3 | References: 5

RedHat Linux
added 2025/09/23 8:27 a.m. | 0 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 8

RedHat Linux
added 2025/09/16 12:59 a.m. | 2 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 8

OpenVAS
added 2025/09/10 12:0 a.m. | 3 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-2039)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 6.7 | EPSS 0.0056
Exploits: 0 | References: 2

RedHat Linux
added 2025/09/08 1:27 a.m. | 3 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 8

OSV
added 2025/08/22 11:36 a.m. | 4 views

OESA-2025-2068 restic security update

restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS 6.8 | AI score 6.9 | EPSS 0.0056
Exploits: 0 | References: 2

OSV
added 2025/08/22 11:36 a.m. | 4 views

OESA-2025-2067 restic security update

restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS 6.8 | AI score 6.9 | EPSS 0.0056
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/08/14 4:48 p.m. | 8 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary: IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45339 DESCRIPTION: When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log fil...

CVSS 8.8 | AI score 7.9 | EPSS 0.03239
Exploits: 13 | Affected Software: 1

OSV
added 2025/08/13 8:6 p.m. | 5 views

CLSA-2025-1755115606 golang: Fix of CVE-2025-4673

CVE-2025-4673: remove Proxy-Authorization and Proxy-Authenticate headers from cross-origin redirects to prevent sensitive information leakage...

CVSS 6.8 | AI score 6.8 | EPSS 0.0056
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/10 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2025-4673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Note that Nessus...

CVSS 6.8 | AI score 6.6 | EPSS 0.0056
Exploits: 0 | References: 4

CVE
added 2025/07/30 7:57 p.m. | 19 views

CVE-2025-54581

vproxy CVE-2025-54581 affects versions 2.3.3 and earlier, where untrusted data from the HTTP Proxy-Authorization header can be parsed as a TTL value. If ttl is 0 (e.g., via a username like 'configuredUser-ttl-0'), the modulo operation timestamp % ttl causes a division-by-zero panic, leading to a ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00541
Exploits: 0 | References: 3

Vulnrichment
added 2025/07/30 7:57 p.m. | 4 views

CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack

vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...

CVSS 7.5 | AI score 6.3 | EPSS 0.00541
Exploits: 0 | References: 3

OSV
added 2025/07/30 4:33 p.m. | 3 views

GHSA-7H24-C332-P48C vproxy Divide by Zero DoS Vulnerability

Summary: Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details: Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00541
Exploits: 0 | References: 5

GitHub Security Blog
added 2025/07/30 4:33 p.m. | 9 views

vproxy Divide by Zero DoS Vulnerability

Summary: Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details: Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00541
Exploits: 0 | References: 5 | Affected Software: 1

Amazon
added 2025/07/30 12:0 a.m. | 4 views

Medium: containerd

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon...

CVSS 6.8 | AI score 7 | EPSS 0.0056
Exploits: 0

CNNVD
added 2025/07/30 12:0 a.m. | 2 views

vproxy Numeric Error Vulnerability

vproxy is a high performance HTTP/HTTPS/SOCKS5 proxy server software by 0x676e67 individual developer. A numeric error vulnerability exists in vproxy 2.3.3 and earlier versions, which stems from the handling of the Proxy-Authorization header that can lead to a divide-by-zero crash, resulting in a...

CVSS 7.5 | AI score 6.3 | EPSS 0.00541
Exploits: 0 | References: 3