
676 matches found

OSV
added 2026/05/09 12:33 p.m. | 12 views

OESA-2026-2255 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

8.1 CVSS | 5.9 AI score | 0.05322 EPSS
Exploits 2 | References 3

OSV
added 2026/05/09 12:33 p.m. | 8 views

OESA-2026-2253 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

8.1 CVSS | 5.9 AI score | 0.05322 EPSS
Exploits 2 | References 3

SUSE Linux
added 2026/05/06 12:10 p.m. | 9 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...

9.1 CVSS | 6.7 AI score | 0.00621 EPSS
Exploits 1 | References 40

Fedora
added 2026/05/06 12:51 a.m. | 10 views

[SECURITY] Fedora 44 Update: squid-7.5-1.fc44

Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...

9.2 CVSS | 5.8 AI score | 0.08942 EPSS
Exploits 0

OSV
added 2026/05/04 1:12 p.m. | 9 views

JLSEC-2026-398

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1 CVSS | 6.9 AI score | 0.02927 EPSS
Exploits 0 | References 20

OSV
added 2026/05/04 1:12 p.m. | 6 views

JLSEC-2026-401

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

5.9 CVSS | 6.8 AI score | 0.02511 EPSS
Exploits 1 | References 10

OSV
added 2026/04/25 5:51 a.m. | 11 views

OESA-2026-2115 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

9.1 CVSS | 5.5 AI score | 0.00579 EPSS
Exploits 0 | References 4

Fedora
added 2026/04/22 7:50 a.m. | 9 views

[SECURITY] Fedora 43 Update: tinyproxy-1.11.2-7.fc43

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

8.7 CVSS | 5.2 AI score | 0.00899 EPSS
Exploits 1

Tenable Nessus
added 2026/04/21 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-5119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the...

8.2 CVSS | 5.5 AI score | 0.00254 EPSS
Exploits 1 | References 3

Github Security Blog
added 2026/04/14 11:15 p.m. | 10 views

WWBN AVideo has an incomplete fix for CVE-2026-33039: SSRF

Summary The incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoints. Affected Package - Ecosystem: Other - Package: AVideo -...

8.6 CVSS | 5.8 AI score | 0.00453 EPSS
Exploits 2 | References 7 | Affected Software 1

SUSE CVE
added 2026/04/14 8:43 a.m. | 7 views

SUSE CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

4.9 CVSS | 5.8 AI score | 0.00562 EPSS
Exploits 0 | References 14

Amazon
added 2026/04/14 12:0 a.m. | 12 views

Medium: libvncserver

Issue Overview: LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking i...

8.1 CVSS | 5.9 AI score | 0.05322 EPSS
Exploits 2

OSV
added 2026/04/14 12:0 a.m. | 8 views

ALSA-2026:7992 Important: golang-github-openprinting-ipp-usb security update

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including t...

7.5 CVSS | 5.8 AI score | 0.00728 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/04/10 5:54 p.m. | 6 views

CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7 CVSS | 5.8 AI score | 0.00562 EPSS
Exploits 0 | References 6 | Affected Software 1

AlmaLinux
added 2026/04/09 12:0 a.m. | 35 views

Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

8.8 CVSS | 7.7 AI score | 0.21621 EPSS
Exploits 0 | References 10

ATTACKERKB
added 2026/04/03 8:0 p.m. | 2 views

CVE-2026-28798

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...

9 CVSS | 5.8 AI score | 0.00387 EPSS
Exploits 1 | References 3 | Affected Software 1

SUSE CVE
added 2026/03/31 8:37 a.m. | 6 views

SUSE CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

5.9 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits 1 | References 7

EUVD
added 2026/03/24 5:31 p.m. | 6 views

EUVD-2026-14932

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

6.3 CVSS | 5.8 AI score | 0.05322 EPSS
Exploits 1 | References 3

Positive Technologies
added 2026/03/24 12:0 a.m. | 5 views

PT-2026-27461

Name of the Vulnerable Software and Affected Versions LibVNCServer versions prior to the commit dc78dee LibVNCServer version 0.9.15 Description The software contains null pointer dereference issues in the HTTP proxy handlers within the httpProcessInput function in httpd.c. These issues allow remo...

8.1 CVSS | 5.9 AI score | 0.05322 EPSS
Exploits 2 | References 37

CNNVD
added 2026/03/24 12:0 a.m. | 6 views

Wallos security vulnerability

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the endpoints/logos/search.php file accepting unvalidated HTTPPROXY and HTTPSPROXY environment variables,...

9.1 CVSS | 5.8 AI score | 0.00369 EPSS
Exploits 1 | References 2