42 matches found

Tenable Nessus
added 6 days ago, 10 views

SUSE SLED15 / SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2079-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when...

CVSS 7.5, AI score 6, EPSS 0.00054
Exploits: 0, References: 36

Tenable Nessus
added 2026/01/22 12:00 a.m., 6 views

Azure Linux 3.0 Security Update: python-waitress (CVE-2022-24761)

The version of python-waitress installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24761 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions...

CVSS 7.5, AI score 5.6, EPSS 0.00288
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/20 12:00 a.m., 4 views

TencentOS Server 3: mod_http2 (TSSA-2022:0259)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0259 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.2, AI score 7.5, EPSS 0.0925
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-12723

Malware in sbrugna...

CVSS 9.8, AI score 9.4, EPSS 0.00591
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-11967

Malware in sbrugna...

CVSS 4.3, AI score 4.5, EPSS 0.00262
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-43810

Malicious code in bioql PyPI...

CVSS 7.4, AI score 6.6, EPSS 0.00195
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-15453

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00186
Exploits: 0, References: 2

OSV
added 2025/09/05 12:43 p.m., 5 views

OESA-2025-2171 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP respons...

CVSS 9.1, AI score 6.6, EPSS 0.00705
Exploits: 1, References: 6

SUSE Linux
added 2025/08/04 3:08 p.m., 7 views

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting (bsc#1246477). CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them (bsc#1246305). CVE-2024-47252: Fixed insufficient...

CVSS 8.8, AI score 6.6, EPSS 0.04674
Exploits: 2, References: 28

OSV
added 2025/08/04 3:07 p.m., 0 views

SUSE-SU-2025:02684-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting (bsc#1246477). - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them (bsc#1246305). - CVE-2024-47252: Fixed insufficie...

CVSS 9.1, AI score 7.1, EPSS 0.04674
Exploits: 2, References: 15

RedhatCVE
added 2025/05/22 3:40 p.m., 4 views

CVE-2020-5883

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak...

CVSS 7.5, AI score 6.9, EPSS 0.00647
Exploits: 0, References: 1

CVE
added 2025/05/16 2:09 p.m., 34 views

CVE-2025-47791

The vulnerability CVE-2025-47791 affects Nextcloud Server (self-hosted) and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3. The issue is an improperly protected, currently unused endpoint used to verify a share recipient, which could proxy requests to another server. Affected v...

CVSS 5.3, AI score 4.5, EPSS 0.00186
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2025/05/16 12:00 a.m., 2 views

PT-2025-21657 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.13 Nextcloud Server versions prior to 29.0.10 Nextcloud Server versions prior to 30.0.3 Nextcloud Enterprise Server versions prior to 28.0.13 Nextcloud Enterprise Server versions prior to 29.0.10...

CVSS 4.3, AI score 6.3, EPSS 0.00284
Exploits: 0, References: 9

Veracode
added 2025/05/14 3:15 a.m., 17 views

Session Hijacking

code-server is vulnerable to session hijacking. The vulnerability is due to insufficient validation of proxy request URLs, specifically the failure to properly validate the port and domain in requests using the /proxy subpath, which allows attackers to redirect traffic—including session cookies—to...

CVSS 8.3, AI score 6.8, EPSS 0.00331
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/05/09 8:59 p.m., 5 views

CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...

CVSS 8.3, AI score 6.5, EPSS 0.00331
Exploits: 0, References: 5

OSV
added 2025/05/09 7:34 p.m., 4 views

GHSA-P483-WPFP-42CJ code-server's session cookie can be extracted by having user visit specially crafted proxy URL

Summary A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...

CVSS 8.3, AI score 7, EPSS 0.00331
Exploits: 0, References: 5

GitHub Security Blog
added 2025/05/09 7:34 p.m., 19 views

code-server's session cookie can be extracted by having user visit specially crafted proxy URL

Summary A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...

CVSS 8.3, AI score 7, EPSS 0.00331
Exploits: 0, References: 5, Affected Software: 1

Debian CVE
added 2025/05/06 12:45 a.m., 5 views

CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

CVSS 7.5, AI score 7.4, EPSS 0.01011
Exploits: 1

Tenable Nessus
added 2024/05/11 12:00 a.m., 25 views

RHEL 4 : python_cgihandler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Python CGIHandler: sets environmental variable based on user supplied Proxy request header CVE-2016-1000110 Note th...

AI score 6.4, EPSS 0.09899
Exploits: 0, References: 1

OSV
added 2022/05/17 12:15 a.m., 20 views

GHSA-3F57-W2RP-72FC Undertow Uncaught Exception vulnerability

A long URL proxy request leads to java.nio.BufferOverflowException in Undertow...

CVSS 5.9, AI score 5.7, EPSS 0.0406
Exploits: 0, References: 6