MGASA-2023-0315 Updated squid packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. CVE-2023-46846 Denial of Service in HTTP Digest Authentication. CVE-2023-46847 Denial of Service in FTP. CVE-2023-46848...

Critical: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

WordPress Plugin HTTP Auth Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...

www/varnish-libvmod-digest -- base64 decoding vulnerability

varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case it may be possible for an attacker to circumvent the authentication check. If the decoded result string is somehow being made visible to the attacker for example the result of the decoding is...

CVE-2023-33868

The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication...

PHP 8.0.x < 8.0.29

The version of PHP installed on the remote host is prior to 8.0.29. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.29 advisory. - In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : hawk vulnerability (USN-6116-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6116-1 advisory. It was discovered that hawk incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially...

Potential leak of authentication data to 3rd parties

Impact Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: 1. Send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler 2. The target...

SUSE CVE-2005-0584

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks...

SUSE CVE-2005-2395

Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available...

SUSE CVE-2011-4362

Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...

SUSE CVE-2015-4515

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message...

SUSE CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

[SECURITY] [DLA 3246-1] node-hawk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3246-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 23, 2022 https://wiki.debian.org/LTS -...

Debian dla-3246 : node-hawk - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3246 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3246-1 [email protected] https://www.debian.org/lts/security/...

Cisco Small Business 缓冲区错误漏洞

Cisco Small Business is a switch from Cisco USA. A security vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which stems from insufficient authentication of the user field in incoming HTTP packets. An attacker could exploit the vulnerability to cause a...

Cisco Small Business 缓冲区错误漏洞

Cisco Small Business is a switch from Cisco USA. A security vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which stems from insufficient authentication of the user field in incoming HTTP packets. An attacker could exploit the vulnerability to cause a...

GHSA-R3FQ-CMMW-CPMM Containous Traefik Exposes Password Hashes

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control which is contrary to the API documentation, allows remote authenticated users to discover password hashes by reading the Basic HTT...

Uncontrolled Resource Consumption in Hawk

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...