315 matches found
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...
Important: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2019-17598
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...
OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...
XClarity Administrator (LXCA) Service Data May Include Proxy Credentials - US
Lenovo Security Advisory: LEN-26141 Potential Impact: Information disclosure Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6158 Summary Description: An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written ...
Haxx curl information disclosure vulnerability (CNVD-2018-17870)
Haxx curl is a set of file transfer tools from the Swedish company Haxx that work on the command line using URL syntax, the tool supports file uploads and downloads, and includes a libcurl client-side URL transfer library for program development. An information disclosure vulnerability exists in...
CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...
DEBIAN-CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...
CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...
CVE-2003-1605
CVE-2003-1605 affects curl 7.x before 7.10.7. The vulnerability arises when curl connects to a site via an HTTP proxy using CONNECT, causing the proxy username/password to be sent to the remote server. This can lead to credential leakage of proxy authentication data. Public documents consistently...
CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...
CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...
commandline package update tool zypper proxy certificate write log file vulnerability
commandline package update tool zypper is a commandline tool for updating zypper packages. A security vulnerability exists in commandline package update tool zypper, which originates when the program writes HTTP proxy credentials to the log. A local attacker can use this vulnerability to gain...
UBUNTU-CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...