418 matches found
RHEL 9 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - angular: XSS vulnerability (CVE-2021-4231) - Hawk is an HTTP authentication scheme providing mechanisms for...
RHEL 8 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - angular: XSS vulnerability (CVE-2021-4231) - Hawk is an HTTP authentication scheme providing mechanisms for...
RHEL 4 : kdebase (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - konqueror visual hostname truncation in HTTP authentication dialog (CVE-2007-3143) Note that Nessus has not tested fo...
RHEL 6 : kdebase (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - konqueror visual hostname truncation in HTTP authentication dialog (CVE-2007-3143) - KDE Konqueror 3.5.5 an...
RHEL 8 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) Note that Nessus has not tested for this issue...
RHEL 5 : kdebase (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - konqueror visual hostname truncation in HTTP authentication dialog (CVE-2007-3143) - KDE Konqueror 3.5.5 an...
RHEL 9 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) Note that Nessus has not tested for this issue...
Improper Input Validation
symphony is vulnerable to Improper Input Validation. The vulnerability is due to incorrect parsing of the Authorization header in applications using HTTP basic or digest authentication, which could be exploited in certain server setups...
openSUSE Security Advisory (openSUSE-SU-2024:0119-1)
The remote host is missing an update for the...
OPENSUSE-SU-2024:0119-1 Security update for tinyproxy
This update for tinyproxy fixes the following issues: - Update to release 1.11.2: fix potential use-after-free in header handling (CVE-2023-49606, boo1223746); prevent junk from showing up in error page in invalid requests (CVE-2022-40468, CVE-2023-40533, boo1223743) - Move tinyproxy program to /usr/bi...
Mageia: Security Advisory (MGASA-2024-0086)
The remote host is missing an update for the...
MGASA-2024-0086 Updated nodejs-hawk packages fix security vulnerability
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
Updated nodejs-hawk packages fix security vulnerability
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration
OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure (CWE-1188), it does not perform an authorization check when processing...
Design/Logic Flaw
LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...
MGASA-2023-0315 Updated squid packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846). Denial of Service in HTTP Digest Authentication (CVE-2023-46847). Denial of Service in FTP (CVE-2023-46848)...
Critical: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
WordPress Plugin HTTP Auth Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...
www/varnish-libvmod-digest -- base64 decoding vulnerability
varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case it may be possible for an attacker to circumvent the authentication check. If the decoded result string is somehow being made visible to the attacker for example the result of the decoding is...