A vulnerability in the proxy server daemon's HTTP request header processing mechanism allows an attacker to execute arbitrary code.
A vulnerability in the HTTP request header processing component of the Tinyproxy proxy daemon is a use of memory after it has been freed (use-after-free). Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted HTTP requests...
Fedora 38 : python-aiohttp (2024-f34786d26f)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f34786d26f advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...
[SECURITY] Fedora 38 Update: squid-6.9-1.fc38
Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...
PT-2024-7264 · 1с · Bitrix24 +1
Name of the Vulnerable Software and Affected Versions: 1C-Bitrix Bitrix24 version 23.300.100 Description: The issue is related to insufficiently protected credentials in the DAV server settings, allowing remote administrators to read proxy server account passwords via an HTTP GET request. This...
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following th...
CVE-2024-27306
CVE-2024-27306: An XSS vulnerability exists in aiohttp’s index pages for static file handling. Root cause: improper validation of input on index/static file pages. The issue is fixed in aiohttp 3.9.4. Public advisories recommend upgrading to the patched version; for those unable to upgrade, a wo...
A vulnerability in the Windows operating system proxy server driver allows an attacker to execute arbitrary code.
A vulnerability in the Windows operating system proxy server drivers is related to access control errors. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing the proxy server driver...
A vulnerability in the proxy server of the Apache Pulsar cloud messaging and streaming platform allows attackers to expose sensitive information and cause service failures.
A vulnerability in the proxy server of the Apache Pulsar cloud messaging and streaming platform lies in the lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker to disclose protected information and cause service failures...
Envoy security vulnerability
Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy that stems from the HTTP/2 protocol stack's susceptibility to CPU exhaustion due to continuous frame flooding. Affected products and versions: Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8...
ROS-20240329-02
A vulnerability in the Squid proxy server is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service in HTTP request...
BIT-PYTHON-2021-23336 Web Cache Poisoning
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...
Important: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Squid security vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial of service vulnerability exists in Squid that stems from the presence of a recursion error, which can be...
Squid security vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in versions prior to Squid 6.5 that originates from allowing remote clients or remote...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
MAL-2024-130 Malicious code in noblox.js-proxy-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2b3d7766d2ada5a6d17ae9ae430365649d4034341202ba6fc6a07a0ab6a553fb The OpenSSF Package Analysis project identified 'noblox.js-proxy-server' @ 4.15.1 npm as malicious. It is considered malicious because: - The...
Malicious code in noblox.js-proxy-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2b3d7766d2ada5a6d17ae9ae430365649d4034341202ba6fc6a07a0ab6a553fb The OpenSSF Package Analysis project identified 'noblox.js-proxy-server' @ 4.15.1 npm as malicious. It is considered malicious because: - The...
CVE-2023-51701 @fastify-reply-from JSON Content-Type parsing confusion
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with @fastify/reply-from could misinterpret the incoming body when passed a header ContentType: application/json ; charset=utf-8. This can lead to bypass of security checks...