23 matches found
USN-8379-1 python-urllib3 vulnerabilities
It was discovered that urllib3 incorrectly handled cross-origin redirects in ProxyManager. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-44431 It was discovered that urllib3 incorrectly handled decompression of specially crafted responses. A remote...
USN-8379-1: urllib3 vulnerabilities
It was discovered that urllib3 incorrectly handled cross-origin redirects in ProxyManager. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-44431 It was discovered that urllib3 incorrectly handled decompression of specially crafted responses. A remote...
CVE-2026-44431
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...
Advisory ROSA-SA-2024-2511
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: LOW CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Advisory ROSA-SA-2024-2510
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Amazon Linux 2 : python-pip (ALAS-2024-2652)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2652 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However,...
Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2024-013)
The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2024-013 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the...
EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2024-2515)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect...
F5 Networks BIG-IP : Python urllib3 vulnerability (K000140711)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140711 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the...
CBL Mariner 2.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)
The version of python-pip / python-urllib3 / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...
urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...
CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...
CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...
StreamAudio ChainCast ProxyManager ccpm_0237.dll BoF Exploit
No description provided by source. StreamAudio ChainCast ProxyManager ccpm_0237.dll SEH Overwrite Exploit. Written by e.b. Shellcode is limited to about 680 bytes. Tested on Windows XP SP2 (fully patched) English, IE6, ccpm_0237.dll 3.0.0.237. Thanks to h.d.m. and the Metasploit crew...
StreamAudio ChainCast ProxyManager ActiveX buffer overflow
Buffer overflow in InternalTuneIn...
[Full-disclosure] StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow
Who: http://www.streamaudio.com StreamAudio (formerly ChainCast) provides streaming media for radio broadcasters. What: StreamAudio utilizes an Active control that acts as a proxy between StreamAudio and Windows Media Player which actually plays the content. This control is marked as follows:...
Buffer overflow
Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method...
CVE-2008-0248
Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method...
CVE-2008-0248
CVE-2008-0248 describes a buffer overflow in an ActiveX control (ccpm_0237.dll) used by StreamAudio ChainCast ProxyManager. The overflow can be triggered by a long URL argument to the InternalTuneIn method, allowing remote attackers to execute arbitrary code. The description and references indica...