Polipo 缓冲区错误漏洞

Polipo is a small proxy server software. Polipo suffers from a buffer error vulnerability that stems from a heap-based buffer overflow allowed during parsing of Range headers when NDEBUG is used. Note: This vulnerability only affects products that are no longer supported by the maintainer...

HTTP/2 Request Smuggling

HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of the web page, allows a hacker to intercept the session of administrators or users of web resources.

The vulnerability of the ProxyServer server of the SAP NetWeaver software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of administrators ...

Polipo 安全漏洞

Polipo is a small proxy server software. A security vulnerability exists in Polipo that allows denial of service via reachable assertions when parsing an incorrectly formatted Range header...

Apple Will Offer Onion Routing for iCloud/Safari Users

At this years Apple Worldwide Developer Conference, Apple announced something called "iCloud Private Relay." Thats basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if youre an...

Fedora: Security Advisory for squid (FEDORA-2021-24af72ff2c)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Potential request smuggling capabilities due to lack of input validation

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

RUSTSEC-2021-0081 Potential request smuggling capabilities due to lack of input validation

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

GHSA-8FXC-QM65-VPXG Temporary urls leaked via logging

In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...

Important: Red Hat Security Advisory: nginx:1.16 security update

An update for the nginx:1.16 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

Important: nginx:1.16 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 For more details about the...

ALSA-2021:2290 Important: nginx:1.16 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 For more details about the...

RLSA-2021:2259 Important: nginx:1.18 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 For more details about the...

nginx:1.18 security update

An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a foc...

ALSA-2021:2259 Important: nginx:1.18 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 For more details about the...

CVE-2017-8761

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...

CVE-2017-8761

OpenStack Swift CVE-2017-8761 affects proxy-server in Swift versions up to 2.14.0 (including 2.10.1, 2.11.0–2.13.0, 2.14.0). The proxy-server logs full tempurl paths, potentially exposing reusable tempurl signatures to anyone with read access to logs. All Swift deployments using the tempurl middl...

CVE-2017-8761

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...

The vulnerability of the Squid proxy server arises from insufficient validation of the data entered by users during the sending of HTTP responses. This allows attackers to trigger a service failure.

The vulnerability of the Squid proxy server exists due to insufficient validation of the data entered by users when sending HTTP responses. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...

The vulnerability of the Cache Manager API of the Squid proxy server allows a hacker to induce a service failure.

The vulnerability of the Squid proxy server’s Cache Manager API component is related to memory release errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...