1245 matches found
CVE-2019-17393
CVE-2019-17393 affects Tomedo Server 1.7.3 (Customer Tomedo Server) which communicates with the Vendor Tomedo Update Server over HTTP in cleartext. The vulnerability arises from cleartext transmission of credentials protected only by basic authentication, enabling an attacker to potentially sniff...
The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches, which is related to the default use of the HTTP protocol, allows attackers to intercept administrator credentials and other confidential information, thereby gaining access to the control system.
The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches is related to the default use of the HTTP protocol in implementing the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to remotely intercept administrator...
The vulnerability of the embedded web-server microprogramming software for Moxa MGate models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 allows a hacker to intercept administrator credentials and other confidential information, gaining access to the control system.
The vulnerability of the embedded web-server microprogramming system controllers from Moxa, models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660, stems from the default use of the HTTP protocol during the implementation of the “Basic HTTP Authentication” method. Exploiting this vulnerability...
squid: heap-based buffer overflow in HttpHeader::getAuth
A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow...
Cisco Adaptive Security Appliance VPN SAML Authentication Bypass Vulnerability (cisco-sa-20190501-asaftd-saml-vpn)
According to its self-reported version the Cisco Adaptive Security Appliance ASA software running on the remote device is affected by an authentication bypass vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 Single Sign-On SSO for Clientless SSL VPN WebVPN and...
USN-4065-1 squid, squid3 vulnerabilities
It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. CVE-2019-12525 It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this...
Security fix for the ALT Linux 9 package squid version 4.8-alt1
4.8-alt1 built July 16, 2019 Alexey Shabalin in task 234609 --- July 15, 2019 Alexey Shabalin - Updated to 4.8 - Fixes: + CVE-2019-12854 Denial of Service issue in cachemgr.cgi + CVE-2019-12529 Denial of Service in HTTP Basic Authentication + CVE-2019-12525 Denial of Service in HTTP Digest...
Internet Bug Bounty: Basic Authentication Heap Overflow
Summary: An attacker can get arbitrary data overflowed in the heap via Basic Authorization base64 blob. Even when basic auth isn't configured. Report sent to developers When calling HttpHeader::getAuth the field value will be base64 decoded. The call to the decode method doesn't ensure that the...
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2019-12527
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
DEBIAN-CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2019-12527
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...
DEBIAN-CVE-2019-12527
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...
Design/Logic Flaw
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
EUVD-2019-4124
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2019-12527
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...