1314 matches found

Cvelist
added 2022/07/14 2:51 p.m. | 15 views

CVE-2022-32210

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...

AI score 6.7 | EPSS 0.00127
Exploits: 1 | References: 2

RedHat Linux
added 2022/07/11 11:28 a.m. | 40 views

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 6.5 | AI score 6.8 | EPSS 0.16362
Exploits: 0 | References: 2

RedHat Linux
added 2022/07/07 11:0 a.m. | 47 views

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.5 | AI score 6.8 | EPSS 0.16362
Exploits: 0 | References: 2

OSV
added 2022/07/07 10:38 a.m. | 17 views

RLSA-2022:5526 Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when processing gopher server responses (CVE-2021-46784). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVSS 7.5 | AI score 7 | EPSS 0.16362
Exploits: 0 | References: 2

Fedora
added 2022/07/06 1:54 a.m. | 29 views

[SECURITY] Fedora 35 Update: squid-5.6-1.fc35

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

CVSS 6.5 | AI score 7 | EPSS 0.16362
Exploits: 0

Redos
added 2022/06/28 12:0 a.m. | 26 views

ROS-20220628-03

A vulnerability in the Squid caching proxy server is related to a reachable assertion when processing responses from the Gopher server. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted response to the proxy server and perform a denial o...

CVSS 6.5 | AI score 6.6 | EPSS 0.16362
Exploits: 0

CNVD
added 2022/06/10 12:0 a.m. | 20 views

Envoy Access Control Error Vulnerability (CNVD-2022-82666)

Envoy is an open source distributed proxy server. An access control error vulnerability exists in versions of Envoy prior to 1.22.1, which stems from allowing access in the presence of an access token for additional requests. No detailed vulnerability details are currently available...

CVSS 10 | AI score 5.3 | EPSS 0.0009
Exploits: 0 | References: 1

CNVD
added 2022/06/10 12:0 a.m. | 24 views

Envoy has an unspecified vulnerability (CNVD-2022-82668)

Envoy is an open source distributed proxy server. A security vulnerability exists in versions of Envoy prior to 1.22.1, which stems from the fact that OAuth filters will attempt to invoke the remaining filters in the chain after issuing a local response. No detailed vulnerability details are...

CVSS 7.5 | AI score 3.5 | EPSS 0.00426
Exploits: 0 | References: 1

CNVD
added 2022/06/10 12:0 a.m. | 24 views

Envoy has an unspecified vulnerability (CNVD-2022-82665)

Envoy is an open source distributed proxy server. A security vulnerability exists in versions prior to Envoy 1.22.1, which stems from decompressors accumulating decompressed data into an intermediate buffer before overwriting the body in decode/encodeBody, which can be exploited by attackers to...

CVSS 7.5 | AI score 5.3 | EPSS 0.00076
Exploits: 1 | References: 1

CNVD
added 2022/06/09 12:0 a.m. | 26 views

Nginx NJS Denial of Service Vulnerability (CNVD-2022-66506)

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx Inc. njs is one of the scripting language components that supports extended NGINX functionality. A denial of service vulnerability exists in Nginx NJS version v0.7.2, which stems from a segmentatio...

CVSS 5.5 | AI score 5.4 | EPSS 0.00054
Exploits: 1 | References: 1

NVD
added 2022/05/26 2:15 p.m. | 7 views

CVE-2021-34360

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...

CVSS 8.8 | EPSS 0.00087
Exploits: 0 | References: 1

OSV
added 2022/05/26 2:15 p.m. | 1 views

CVE-2021-34360

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...

CVSS 8.8 | AI score 5.7
Exploits: 0 | References: 1

Prion
added 2022/05/26 2:15 p.m. | 10 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...

CVSS 6.8 | AI score 8.7 | EPSS 0.00087
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/05/26 7:20 a.m. | 58 views

CVE-2021-34360

The CVE-2021-34360 entry concerns a CSRF vulnerability in QNAP Proxy Server used in QTS 4.5.x (Proxy Server 1.4.2+), QuTS hero h5.0.0 (Proxy Server 1.4.3+), and QuTScloud c4.5.x (Proxy Server 1.4.2+). The issue allows remote attackers to inject malicious code via cross-site request forgery. The f...

CVSS 8.8 | AI score 7 | EPSS 0.00087
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/05/26 7:20 a.m. | 10 views

CVE-2021-34360 CSRF Bypass in Proxy Server

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...

CVSS 5.3 | AI score 8.9 | EPSS 0.00087
Exploits: 0 | References: 1

OSV
added 2022/05/24 5:7 p.m. | 22 views

GHSA-XR37-PJFH-QWWC Fortify Plugin stored credentials in plain text

Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission. Fortify Plugin 19.2.30 now encrypts the proxy server password...

CVSS 4.3 | AI score 4.8 | EPSS 0.00031
Exploits: 0 | References: 4

Github Security Blog
added 2022/05/24 5:7 p.m. | 26 views

Fortify Plugin stored credentials in plain text

Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission. Fortify Plugin 19.2.30 now encrypts the proxy server password...

CVSS 4.3 | AI score 5.4 | EPSS 0.00031
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2022/05/17 5:39 a.m. | 31 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVSS 4.3 | AI score 3.2 | EPSS 0.04395
Exploits: 0 | References: 14 | Affected Software: 1

OSV
added 2022/05/17 5:39 a.m. | 30 views

GHSA-GW85-4GMF-M7RH Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVSS 4.3 | AI score 8.2 | EPSS 0.04395
Exploits: 0 | References: 14

OSV
added 2022/05/17 2:37 a.m. | 23 views

GHSA-MHXJ-6VF8-MWV3 phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...

CVSS 5.9 | AI score 7.2 | EPSS 0.00421
Exploits: 0 | References: 6