1317 matches found
Envoy null pointer dereference vulnerability (CNVD-2021-58574)
Envoy is an open source distributed proxy server. Versions prior to Envoy 1.71.1 are vulnerable to a null pointer dereference, which attackers can exploit to crash the program...
Envoy integer overflow vulnerability
Envoy is an open source distributed proxy server. Versions prior to Envoy 1.71.1 are vulnerable to an integer overflow, which an attacker can exploit with an excessive grpc-timeout value to cause an unexpected timeout calculation...
Cisco Firepower Management Center Information Disclosure (cisco-sa-fmc-infodisc-RJdktM6f)
The version of Cisco Firepower Management Center installed on the remote host is prior to 6.7.0. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-fmc-infodisc-RJdktM6f advisory. Specifically, a vulnerability in the storage of proxy server credentials of Cisco Firepower...
Homee Brain Cube Security Vulnerability
Homee Brain Cube is a smart home central control unit from Homee, Germany. A security vulnerability exists in homee Brain Cube v2 that allows remote attackers to use the support server as a SOCKS proxy...
Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097). For more details about the security issues, including the...
ALSA-2021:1979 Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097). For more details about the security issues, including the...
Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease
An incredibly fast proxy checker & IP rotator with ease. Features Proxy IP rotator : Rotates your IP address for every specific request. Proxy checker : Check your proxy IP which is still alive. All HTTP/S methods are supported. HTTP & SOCKSv5 proxy protocols apply. All parameters & URIs are...
Squid Input Validation Error Vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. An input validation error vulnerability exists in Squid. The vulnerability arises from insufficient validation of...
Squid Security Vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in Squid. The vulnerability stems from a memory leak caused by incorrect parser...
Squid Resource Management Error Vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid is vulnerable to a resource management error. A remote attacker can trick a user behind a proxy server into...
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
Arbitrary File Read Vulnerability in MAS Mobile Proxy Server
MAS is the abbreviation of Mobile Agent Server, an access tool that helps an enterprise's original business systems realize wireless applications. With MAS access, the enterprise's original business systems can conveniently realize the wireless application,...
squid security update
CentOS Errata and Security Advisory CESA-2021:1135 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
A vulnerability in the peerDigestHandleReply() function of the Squid proxy server, related to the lack of input validation mechanisms, allows attackers to trigger denial-of-service attacks.
The vulnerability of the peerDigestHandleReply function of the Squid proxy server is related to the lack of a mechanism for verifying the input data. Exploiting this vulnerability could allow an attacker to cause service interruptions...
Envoy licensing issue vulnerability
Envoy is an open source distributed proxy server. Envoy is vulnerable to an authorization issue, which could be exploited by an attacker to bypass authentication by providing a JWT token to an issuer that is not in the provider list...
Unauthorized Access Vulnerability in China Mobile's MAS Mobile Proxy Server
MAS is the abbreviation of Mobile Agent Server, an access tool that helps an enterprise's original business systems realize wireless applications. With MAS access, the enterprise's original business systems can conveniently realize the wireless application,...
Design/Logic Flaw
fastify-reply-from is an npm package that provides a fastify plugin to forward the current HTTP request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base URL of the proxied server i...
Information Disclosure Vulnerability in MAS Mobile Proxy Server of China Mobile Communications Co.
MAS Mobile Proxy Server is an access tool to assist the original business systems of enterprises to realize wireless applications. An information leakage vulnerability exists in the MAS mobile proxy server of China Mobile Communications Corporation, which can be exploited by attackers to obtain...
Unauthorized Access Vulnerability in MAS Mobile Proxy Server of China Mobile Communications Ltd.
MAS Mobile Proxy Server is an access tool to assist the original business systems of enterprises to realize wireless applications. An unauthorized access vulnerability exists in the MAS mobile proxy server of China Mobile Communications Corporation, which can be exploited by an attacker to access...
UBUNTU-CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...