33 matches found
CVE-2026-48615
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...
CVE-2026-48615
CVE-2026-48615 : A flaw in Node.js proxy tunnel error handling can expose embedded proxy credentials in ERR_PROXY_TUNNEL messages. The issue affects all supported release lines (Node.js 22, 24, and 26) and can lead to credentials being captured via error paths, logs, or diagnostics. The SUSE secu...
EUVD-2026-39606
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
RockyLinux 10 : python3.12 (RLSA-2026:19064)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
TencentOS Server 3: libsoup (TSSA-2026:0368)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
OESA-2026-2380 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels throu...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
ALSA-2026:19019 Important: python3.14 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
ALSA-2026:10950 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
BIT-PYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...