13 matches found

RedHat Linux
added 2026/05/28 7:7 a.m. | 10 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

CVSS 8.2 | AI score 5.8 | EPSS 0.00254
Exploits: 1 | References: 5
OSV
added 2026/05/19 12:0 a.m. | 7 views

ALSA-2026:19143 Moderate: libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

CVSS 8.2 | AI score 5.9 | EPSS 0.00829
Exploits: 2 | References: 6
RedHat Linux
added 2026/05/14 9:16 a.m. | 17 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

CVSS 8.2 | AI score 5.7 | EPSS 0.00254
Exploits: 1 | References: 5
OSV
added 2026/05/07 6:0 a.m. | 14 views

RLSA-2026:14087 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119). For more details about the security issues, including the impact, a CVSS score,...

CVSS 5.9 | AI score 5.8 | EPSS 0.00254
Exploits: 1 | References: 2
OSV
added 2026/05/06 12:0 a.m. | 9 views

ALSA-2026:14087 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.2 | AI score 5.8 | EPSS 0.00254
Exploits: 1 | References: 4
AlmaLinux
added 2026/05/06 12:0 a.m. | 10 views

Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.2 | AI score 5.8 | EPSS 0.00254
Exploits: 1 | References: 4
OSV
added 2026/05/06 12:0 a.m. | 15 views

ALSA-2026:13978 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.2 | AI score 5.8 | EPSS 0.00254
Exploits: 1 | References: 4
NVD
added 2026/02/03 3:15 a.m. | 4 views

CVE-2026-24935

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel establishment. This could...

CVSS 6.3 | EPSS 0.00144
Exploits: 0 | References: 1
NVD
added 2025/10/27 12:15 p.m. | 11 views

CVE-2025-11955

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid...

CVSS 8.2 | EPSS 0.00259
Exploits: 0 | References: 2
Cvelist
added 2025/10/27 11:30 a.m. | 7 views

CVE-2025-11955 Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid...

CVSS 8.2 | EPSS 0.00259
Exploits: 0 | References: 2
Cvelist
added 2024/09/25 12:0 a.m. | 13 views

CVE-2024-45750

An issue in TheGreenBow Windows Standard VPN Client 6.87.108 and older, Windows Enterprise VPN Client 6.87.109 and older, Windows Enterprise VPN Client 7.5.007 and older, Android VPN Client 6.4.5 and older, VPN Client Linux 3.4 and older, VPN Client MacOS 2.4.10 and older allows a remote attacker ...

EPSS 0.00485
Exploits: 0 | References: 2
ATTACKERKB
added 2022/04/20 4:0 p.m. | 4 views

CVE-2022-20795

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition...

CVSS 7.5 | AI score 7.2 | EPSS 0.00666
Exploits: 0 | References: 2
Prion
added 2019/08/07 10:15 p.m. | 14 views

Information disclosure

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these...

CVSS 4.4 | AI score 7.1 | EPSS 0.00275
Exploits: 0 | References: 1 | Affected Software: 1