14 matches found
SUSE-SU-2026:21823-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server (bsc#1257675). - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngx_http_dav_module module (bsc#1260416). - CVE-2026-27784: NGINX worker memor...
Wazuh security vulnerability
Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.0.0 to 4.14.4 contained security vulnerabilities. These...
CVE-2026-27877 Public dashboards discloses all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CLSA-2025-1763467263 Fix CVE(s): CVE-2025-62168
SECURITY UPDATE: information disclosure via HTTP authentication credentials - debian/patches/CVE-2025-62168.patch: Fix bug causing visibility of proxy auth data to scripts by redacting credentials from error page code expansion output and mailto link generation - CVE-2025-62168...
SUSE SLES15 Security Update : squid (SUSE-SU-2025:3902-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3902-1 advisory. - CVE-2025-62168: Fixed proxy auth data visible to scripts (bsc#1252281). Tenable has extracted the preceding description block directly from t...
SUSE-SU-2025:3902-1 Security update for squid
This update for squid fixes the following issues: - CVE-2025-62168: Fixed proxy auth data visible to scripts (bsc#1252281)...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Nov-2022 Release 1, which stems from improper access control and could...
PT-2025-35901
Name of the Vulnerable Software and Affected Versions: MiscPolicy versions prior to SMR Nov-2022 Release 1 Description: An improper access control issue exists in the retrieveExternalProxy function. This allows a local attacker to access Proxy information. Recommendations: Update to SMR Nov-2022...
Flask security vulnerability
Pallets Project Flask is a lightweight WSGI (Web Server Gateway Interface) application framework from the Pallets Project. A security vulnerability exists in Flask where a data response for one client may be cached and later sent by a proxy to other clients...
Checkmk security vulnerability
Checkmk is an editor. A security vulnerability exists in Checkmk that stems from an error mishandling that causes symmetric encryption of proxy data to fail and transmit data in plaintext. The following products and versions are affected: Tribe29 Checkmk 2.1.0p25 and earlier, 2.0.0p34 and earlier...
SUSE CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
DEBIAN-CVE-2016-1000107
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...
Multiple Microsoft Internet Explorer vulnerabilities
Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak...
libxml2 various overflows
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled...