
419 matches found

Debian CVE
added 2019/11/26 4:14 p.m., 20 views

CVE-2019-18679

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...

CVSS 7.5, AI score 6.8, EPSS 0.44133
Exploits: 0

Tenable Nessus
added 2019/11/04 12:0 a.m., 46 views

openSUSE Security Update : chromium / re2 (openSUSE-2019-2420)

This update for chromium, re2 fixes the following issues : Chromium was updated to 78.0.3904.70 boo1154806 : - CVE-2019-13699: Use-after-free in media - CVE-2019-13700: Buffer overrun in Blink - CVE-2019-13701: URL spoof in navigation - CVE-2019-13702: Privilege elevation in Installer -...

CVSS 8.8, AI score 7.2, EPSS 0.0065
Exploits: 1, References: 22

OPENSUSE Linux
added 2019/11/03 12:0 a.m., 136 views

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2425-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

CVSS 8.8, AI score 8, EPSS 0.0065
Exploits: 1, References: 1

OPENSUSE Linux
added 2019/11/02 12:0 a.m., 188 views

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2420-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

CVSS 8.8, AI score 8, EPSS 0.0065
Exploits: 1, References: 1

Kaspersky
added 2019/10/30 12:0 a.m., 48 views

KLA11714 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Cross-origin data leak vulnerability can be exploited to arbitrary code executio...

CVSS 8.8, AI score 9.3, EPSS 0.0065
Exploits: 1, References: 5

RedHat Linux
added 2019/10/29 9:30 a.m., 58 views

Critical: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 9.6, AI score 6.9, EPSS 0.0194
Exploits: 0, References: 44

OpenVAS
added 2019/10/24 12:0 a.m., 33 views

Google Chrome Security Updates (stable-channel-update-for-desktop_22-2019-10) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 8.8, AI score 6.9, EPSS 0.0065
Exploits: 1, References: 1

Kaspersky
added 2019/10/22 12:0 a.m., 87 views

KLA11588 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in media can be exploited to arbitrary code execution; 2. Buffer overrun vulnerability in...

CVSS 8.8, AI score 8.7, EPSS 0.0065
Exploits: 1, References: 4

OPENSUSE Linux
added 2019/09/19 12:0 a.m., 190 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2152-1 Rating: important References: 1150425 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667...

CVSS 9.6, AI score 6.5, EPSS 0.00483
Exploits: 0, References: 1

OSV
added 2019/08/08 9:51 a.m., 5 views

SUSE-SU-2019:2089-1 Security update for squid

This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials bsc1141329. - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials...

CVSS 9.8, AI score 7.4, EPSS 0.54551
Exploits: 1, References: 7

CVE
added 2019/08/01 1:4 p.m., 41 views

CVE-2018-20888

CVE-2018-20888 affects cPanel prior to 74.0.0, where an incorrect HTTP authentication context allows file modification by the root account. This is a local vulnerability with impact on integrity (as per the mounted CVSS data) and does not appear to have publicly documented exploitation details or...

CVSS 5.5, AI score 5.7, EPSS 0.00072
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2019/07/22 12:0 a.m., 32 views

Debian DLA-1858-1 : squid3 security update

Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with HTTP authentication header processing. CVE-2019-12525 Due to incorrect buffer management Squid is vulnerable to a denial of service attack when processing HTTP...

CVSS 9.8, AI score 6.4, EPSS 0.54551
Exploits: 0, References: 4

Debian
added 2019/07/20 11:9 p.m., 105 views

[SECURITY] [DLA 1858-1] squid3 security update

Package : squid3 Version : 3.4.8-6+deb8u8 CVE ID : CVE-2019-12525 CVE-2019-12529 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with HTTP authentication header processing. CVE-2019-12525 Due to incorrect buffer...

CVSS 9.8, AI score 6.7, EPSS 0.54551
Exploits: 0

Debian CVE
added 2019/07/11 6:10 p.m., 28 views

CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...

CVSS 8.8, AI score 6.8, EPSS 0.1216
Exploits: 0

OSV
added 2019/06/19 3:15 p.m., 1 views

CVE-2019-6971

An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 2

CVE
added 2019/06/19 2:5 p.m., 103 views

CVE-2019-6971

CVE-2019-6971 affects TP-Link TL-WR1043ND V2 routers. The issue is an authentication bypass: an attacker can send a cookie in an HTTP authentication packet to the router management Web UI and gain full control without credentials. Public exploitation exists (e.g., TP-Link TL-WR1043ND 2 - Authenti...

CVSS 10, AI score 9.5, EPSS 0.11979
Exploits: 5, References: 2, Affected Software: 1

Tenable Nessus
added 2019/06/17 12:0 a.m., 38 views

FreeBSD : phpMyAdmin -- CSRF vulnerability in login form (a5681027-8e03-11e9-85f4-6805ca0b3d42)

The phpMyAdmin development team reports : Summary CSRF vulnerability in login form Description A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdm...

CVSS 6.5, AI score 7.4, EPSS 0.49922
Exploits: 4, References: 3

Veracode
added 2019/06/13 6:24 a.m., 41 views

Information Disclosure

Undertow Core is vulnerable to information disclosure. Confidential information such as HTTP Authentication for HttpServerExchange object at ERROR level are logged in plain text using UndertowLogger.REQUESTLOGGER.undertowRequestFailedt, exchange by Connectors.executeRootHandler:402...

CVSS 9.8, AI score 8.8, EPSS 0.00555
Exploits: 0, References: 7, Affected Software: 26

EUVD
added 2019/06/03 6:47 p.m., 2 views

EUVD-2017-6225

An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public...

CVSS 9.8, AI score 9.7, EPSS 0.1025
Exploits: 1, References: 3

UbuntuCve
added 2019/03/27 5:29 p.m., 23 views

CVE-2019-10233

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie...

CVSS 8.1, AI score 7.1, EPSS 0.00433
Exploits: 0, References: 2