
104 matches found

SUSE CVE
added 2025/04/05 2:24 a.m. | 1 views

SUSE CVE-2025-31135

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

CVSS 5.3 | AI score 7.2 | EPSS 0.00081
Exploits 0 | References 3
OSV
added 2025/04/02 4:2 p.m. | 7 views

GO-2025-3588 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla

Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla...

CVSS 5.3 | AI score 7.2 | EPSS 0.00081
Exploits 0 | References 3
Snyk
added 2025/04/01 10:23 p.m. | 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation due to the handling of the PROXY command. An attacker can spoof their IP address by sending multiple PROXY commands, with later ones overriding earlier ones. Note: This is only exploitable if ProxyOn is enabled...

CVSS 6.9 | AI score 6.9 | EPSS 0.00081
Exploits 0 | References 2
OSV
added 2025/04/01 10:23 p.m. | 10 views

GHSA-C2C3-PQW5-5P7C Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Summary: The PROXY command is accepted multiple times, allowing a client to spoof its IP address when the proxy protocol is being used. Details: When ProxyOn is enabled, it looks like the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protoc...

CVSS 5.3 | AI score 7.3 | EPSS 0.00081
Exploits 0 | References 4
NVD
added 2025/04/01 10:15 p.m. | 14 views

CVE-2025-31135

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

CVSS 5.3 | EPSS 0.00081
Exploits 0 | References 2
CVE
added 2025/04/01 10:3 p.m. | 59 views

CVE-2025-31135

CVE-2025-31135 affects Go-Guerrilla SMTP Daemon. Before version 1.6.7, when ProxyOn is enabled, the PROXY command may be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol supports only a single initial PROXY header; subsequent PROXY commands are treated a...

CVSS 5.3 | AI score 7.2 | EPSS 0.00081
Exploits 0 | References 2
Cvelist
added 2025/04/01 10:3 p.m. | 15 views

CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

CVSS 5.3 | EPSS 0.00081
Exploits 0 | References 2
Vulnrichment
added 2025/04/01 10:3 p.m. | 7 views

CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

CVSS 5.3 | AI score 7.2 | EPSS 0.00081
Exploits 0 | References 2
OSV
added 2025/04/01 10:3 p.m. | 6 views

CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

CVSS 5.3 | AI score 7.4 | EPSS 0.00081
Exploits 0 | References 4
CVE
added 2025/01/19 2:58 p.m. | 103 views

CVE-2024-41783

IBM Sterling Secure Proxy is affected across versions 6.0.0.0–6.2.0.0 by an improper validation of a specified input type that could allow a privileged user to inject commands into the underlying OS. The vulnerability’s root cause is input validation failure, with a CVSS v3.1 base score of 9.1 (C...

CVSS 9.1 | AI score 6.7 | EPSS 0.00256
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2024/04/30 10:22 a.m. | 3 views

libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8 | AI score 6.7 | EPSS 0.00051
Exploits 0 | References 5
OSV
added 2024/03/04 2:20 p.m. | 1 views

CLSA-2024-1709562050 libssh: Fix of 2 CVEs

- CVE-2023-6004: fix the possibility of injections through a hostname parameter in the ProxyCommand/ProxyJump features
- CVE-2023-6918: fix the issue when unchecked return values for digests may cause DoS...

CVSS 5.3 | AI score 6.7 | EPSS 0.00363
Exploits 0 | References 1
OSV
added 2024/02/02 11:6 a.m. | 1 views

OESA-2024-1123 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 4.8 | AI score 7.4 | EPSS 0.00051
Exploits 0 | References 2
0day.today
added 2024/01/29 12:0 a.m. | 478 views

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command Vulnerability

CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. CloudLinux CageFS Insufficiently Restricted Proxy Command Link:...

CVSS 4.4 | AI score 4.8 | EPSS 0.00024
Exploits 3
Packet Storm
added 2024/01/26 12:0 a.m. | 433 views

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command

CloudLinux CageFS Insufficiently Restricted Proxy Command Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02CloudLinuxCageFSInsufficientlyRestrictedProxyCommands Vulnerability Overview: CloudLinux CageFS 7.0.8-2 or...

AI score 7.4 | EPSS 0.00024
Exploits 3
OSV
added 2024/01/22 1:5 p.m. | 0 views

USN-6592-1 libssh vulnerabilities

It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. (CVE-2023-6004) It was discovered that libssh incorrectl...

CVSS 5.3 | AI score 7 | EPSS 0.00363
Exploits 0 | References 3
OSV
added 2024/01/12 11:6 a.m. | 1 views

OESA-2024-1045 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.3 | AI score 7.4 | EPSS 0.00363
Exploits 0 | References 3
OSV
added 2024/01/12 11:6 a.m. | 1 views

OESA-2024-1044 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.3 | AI score 7.4 | EPSS 0.00363
Exploits 0 | References 3
OSV
added 2024/01/12 11:6 a.m. | 1 views

OESA-2024-1040 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.3 | AI score 7.4 | EPSS 0.00363
Exploits 0 | References 3
OSV
added 2024/01/03 5:15 p.m. | 1 views

AZL-34942 CVE-2023-6004 affecting package libssh for versions less than 0.10.6-1

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8 | AI score 6.7 | EPSS 0.00051
Exploits 0 | References 1