ALPINE-CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

CVE-2023-49606

CVE-2023-49606 is a use-after-free in Tinyproxy’s HTTP Connection Headers parsing (affecting 1.11.1 and 1.10.0). A specially crafted, unauthenticated HTTP request can trigger reuse of freed memory, causing memory corruption and potentially remote code execution. Public advisories confirm fixes in...

Important: mod_http2

Issue Overview: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Affected Packages: modhttp2 Note: This advisory is...

Fedora 40 : caddy (2024-19d093c14d)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-19d093c14d advisory. Automatic update for caddy-2.7.6-1.fc40. Changelog Fri Feb 9 2024 Carl George - 2.7.6-1 - Update to version 2.7.6 rhbz2253698 - Includes fix for CVE-2023-451...

Fedora 40 : rust-axum / rust-tokio-tungstenite / rust-tungstenite / rust-warp (2023-f81c1ab1e6)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f81c1ab1e6 advisory. - Update the axum crate to version 0.6.20. - Update the tokio-tungstenite crate to version 0.20.1. - Update the tungstenite crate to version 0.20.1. - Port...

Lexmark CX331adwe IPP Server Authorization HTTP Header Heap-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IPP server, which listens on TCP port 631 by default. The issue...

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance are both products of Cisco, Inc.Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect corpora...

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

PT-2024-3049

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software affected versions not specified Description A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance ASA Software...

USN-6728-3: Squid vulnerability

USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update. We apologize for the inconvenience...

RHEL 5 : httpd and httpd22 (RHSA-2010:0011)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0011 advisory. - httpd: NULL pointer defer in modproxyftp caused by crafted EPSV and PASV reply CVE-2009-3094 - httpd: modproxyftp FTP command injection vi...

RHEL 9 : squid (RHSA-2024:1833)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1833 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Deni...

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...

squid: denial of service in HTTP header parser

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...

CVE-2024-23559 HCL DevOps Deploy / Launch is generating an obsolete HTTP header

HCL DevOps Deploy / Launch is generating an obsolete HTTP header...

PT-2024-19940 · Hcl · Hcl Devops Deploy / Launch

Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / Launch affected versions not specified Description: The issue is related to HCL DevOps Deploy / Launch generating an obsolete HTTP header. No information is provided about the estimated number of potentially affected devic...

Oracle Linux 7 : squid (ELSA-2024-1787)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1787 advisory. - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing 778 - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manag...