16592 matches found
Rocky Linux 8 : nodejs:12 (RLSA-2021:0549)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0549 advisory. - The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker...
Rocky Linux 9 : varnish (RLSA-2022:8643)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8643 advisory. - An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce...
Fedora 39 : llhttp / python-aiohttp (2023-ad76deb86e)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-ad76deb86e advisory. Update llhttp to 8.1.1 and python-aiohttp to 3.8.5. Fixes CVE-2023-30589. Tenable has extracted the preceding description block directly from the Fedora...
SUSE SLES12 Security Update : squid (SUSE-SU-2023:4381-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4381-1 advisory. - Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 an...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5775)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5775 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
BIT-PROCESSMAKER-2020-13525
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTablesAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
BIT-PROCESSMAKER-2020-13526
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTablesAjax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an authenticated HTT...
Rocky Linux 8 : nodejs:12 (RLSA-2020:0598)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0598 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...
Rocky Linux 8 : nodejs:10 (RLSA-2020:0579)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0579 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...
Rocky Linux 8 : nodejs:18 (RLSA-2022:7821)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7821 advisory. - A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in...
AlmaLinux 8 : squid:4 (ALSA-2023:6267)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:6267 advisory. SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and ICAP...
Rocky Linux 8 : nodejs:14 (RLSA-2021:0551)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0551 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...
Rocky Linux 9 : grafana-pcp (RLSA-2022:8250)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8250 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
Rocky Linux 8 : grafana-pcp (RLSA-2022:7648)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7648 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
Rocky Linux 8 : nodejs:16 (RLSA-2021:5171)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5171 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2023:0321)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0321 advisory. - Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906 - A vulnerability was found in the...
CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
Design/Logic Flaw
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...