1314 matches found

Redos
added 2025/10/02 12:00 a.m. | 2 views

ROS-20251002-01

A vulnerability in the Privoxy proxy server with advanced web content filtering functions is related to insufficient validation of user data in the "process_encrypted_request_headers" function. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...

CVSS 7.5 | AI score 6.2 | EPSS 0.00633 | Exploits 0
Packet Storm News
added 2025/09/14 12:00 a.m. | 2 views

ODoQ: Oblivious DNS-Over-QUIC

The Domain Name System (DNS), which converts domain names to their respective IP addresses, has advanced enhancements aimed at safeguarding DNS data and users' identity from attackers. The recent privacy-focused advancements have enabled the IETF to standardize several protocols. Nevertheless, thes...

AI score 6.8 | Exploits 0
Tenable Nessus
added 2025/08/25 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-6624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server...

CVSS 5.9 | AI score 7.2 | EPSS 0.00421 | Exploits 0 | References 2
Tenable Nessus
added 2025/08/25 12:00 a.m. | 3 views

RHEL 7 : squid (RHSA-2025:14414)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14414 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: denial of...

CVSS 9.8 | AI score 8 | EPSS 0.0932 | Exploits 2 | References 6
Tenable Nessus
added 2025/08/25 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-8761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00167 | Exploits 0 | References 2
Debian
added 2025/08/21 5:52 p.m. | 8 views

[SECURITY] [DSA 5982-1] squid security update

Debian Security Advisory DSA-5982-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2025 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 7.7 | EPSS 0.0932 | Exploits 1
Tenable Nessus
added 2025/08/18 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-9590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage...

CVSS 6.5 | AI score 6.4 | EPSS 0.00281 | Exploits 0 | References 2
OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-17596 Malicious code in cors-proxy-server (npm)

The package cors-proxy-server was found to contain malicious code.

AI score 7 | Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in cors-proxy-server (npm)

The package cors-proxy-server was found to contain malicious code.

AI score 7 | Exploits 0
OSV
added 2025/08/04 3:06 p.m. | 0 views

SUSE-SU-2025:02682-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting (bsc#1246477). - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them (bsc#1246305). - CVE-2024-47252: Fixed insufficie...

CVSS 9.1 | AI score 5.8 | EPSS 0.03545 | Exploits 2 | References 15
RedhatCVE
added 2025/08/02 8:22 p.m. | 2 views

CVE-2025-54581

vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...

CVSS 7.5 | AI score 6.1 | EPSS 0.00378 | Exploits 0 | References 1
CVE
added 2025/07/31 8:41 p.m. | 18 views

CVE-2025-23289

CVE-2025-23289 affects NVIDIA Omniverse Launcher for Windows and Linux. A vulnerability in the launcher logs could allow a user to cause sensitive information to be written to log files via proxy servers, potentially leading to information disclosure. The issue is described with a CVSSv3.1 base s...

CVSS 5.5 | AI score 6.3 | EPSS 0.00082 | Exploits 0 | References 1
CNNVD
added 2025/07/31 12:00 a.m. | 1 view

NVIDIA Omniverse Launcher log information disclosure vulnerability

NVIDIA Omniverse Launcher is an easily extensible open platform from NVIDIA, Inc., built for virtual collaboration and real-time physically accurate simulations. NVIDIA Omniverse Launcher suffers from a log information disclosure vulnerability that originates from writing sensitive information to ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00082 | Exploits 0 | References 2
Cvelist
added 2025/07/30 7:57 p.m. | 6 views

CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack

vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...

CVSS 7.5 | EPSS 0.00378 | Exploits 0 | References 3
OSV
added 2025/07/30 7:57 p.m. | 3 views

CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack

vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...

CVSS 7.5 | AI score 6.5 | EPSS 0.00378 | Exploits 0 | References 5
Positive Technologies
added 2025/07/30 12:00 a.m. | 4 views

PT-2025-31441 · Vproxy · Vproxy

Name of the Vulnerable Software and Affected Versions: vproxy versions 2.3.3 and below. Description: vproxy is an HTTP/HTTPS/SOCKS5 proxy server. Untrusted data from the user-controlled HTTP Proxy-Authorization header is passed to Extension::try_from and then to parse_ttl_extension where it is...

CVSS 7.5 | AI score 6.3 | EPSS 0.00378 | Exploits 0 | References 10
Redos
added 2025/07/01 12:00 a.m. | 6 views

ROS-20250630-09

Vulnerability of net/http, x/net/proxy and x/net/http/httpproxy packages of Go programming language is related to incorrect mapping of hosts to proxy server templates. Exploitation of the vulnerability could allow an intruder to affect confidentiality and availability of protected information A...

CVSS 7.5 | AI score 8.2 | EPSS 0.00083 | Exploits 2
BDU FSTEC
added 2025/06/23 12:00 a.m. | 2 views

The vulnerability of the Dante proxy server, related to deficiencies in the authentication mechanism, allows attackers to circumvent existing security restrictions.

The vulnerability of the Dante proxy server is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...

CVSS 9.4 | AI score 5.4 | EPSS 0.00126 | Exploits 0 | References 7 | Affected Software 5
Redos
added 2025/06/19 12:00 a.m. | 2 views

ROS-20250619-06

A vulnerability in the Dante proxy server is related to improper access restrictions in certain sockd.conf configurations that include socksmethod. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions...

CVSS 9.1 | AI score 9.2 | EPSS 0.00126 | Exploits 0
OSV
added 2025/06/13 10:15 p.m. | 4 views

GHSA-7F8R-222P-6F5G MCP Inspector proxy server lacks authentication between the Inspector client and proxy

Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these...

CVSS 9.4 | AI score 8.7 | EPSS 0.0257 | Exploits 0 | References 6