Filtered by vendor Gnome Subscriptions
Filtered by product Libsoup Subscriptions
Total 9 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-17266 2 Canonical, Gnome 2 Ubuntu Linux, Libsoup 2024-11-21 9.8 Critical
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
CVE-2018-12910 5 Canonical, Debian, Gnome and 2 more 10 Ubuntu Linux, Debian Linux, Libsoup and 7 more 2024-11-21 N/A
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVE-2018-11713 3 Gnome, Redhat, Webkitgtk 3 Libsoup, Enterprise Linux, Webkitgtk\+ 2024-11-21 N/A
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
CVE-2017-2885 3 Debian, Gnome, Redhat 9 Debian Linux, Libsoup, Enterprise Linux and 6 more 2024-11-21 9.8 Critical
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
CVE-2012-2132 1 Gnome 1 Libsoup 2024-11-21 N/A
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
CVE-2011-2524 2 Gnome, Redhat 2 Libsoup, Enterprise Linux 2024-11-21 N/A
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
CVE-2024-52532 2 Gnome, Redhat 2 Libsoup, Enterprise Linux 2024-11-12 7.5 High
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
CVE-2024-52531 1 Gnome 1 Libsoup 2024-11-12 8.4 High
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
CVE-2024-52530 2 Gnome, Redhat 7 Libsoup, Enterprise Linux, Rhel Aus and 4 more 2024-11-12 7.5 High
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.