CVE-2018-12910
- EPSS 4.54%
- Veröffentlicht 05.07.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:05
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVE-2018-11713
- EPSS 0.55%
- Veröffentlicht 04.06.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:52
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections...
CVE-2017-2885
- EPSS 5.81%
- Veröffentlicht 24.04.2018 19:29:02
- Zuletzt bearbeitet 21.11.2024 03:24:23
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable s...
- EPSS 0.26%
- Veröffentlicht 20.08.2012 18:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.
- EPSS 0.6%
- Veröffentlicht 31.08.2011 23:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.