7681 matches found

RedHat Linux
added 2024/02/12 8:40 a.m., 6 views

squid: Denial of Service in SSL Certificate validation

A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using --with-openssl is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by...

CVSS 8.6, AI score 5.8, EPSS 0.04012
Exploits 0, References 8
RedHat Linux
added 2024/02/12 8:38 a.m., 40 views

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having ...

CVSS 9.8, AI score 7.4, EPSS 0.88818
Exploits 1, References 7
Tenable Nessus
added 2024/02/12 12:00 a.m., 33 views

RHEL 8 : squid:4 (RHSA-2024:0772)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0772 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: DoS against...

CVSS 9.8, AI score 8.1, EPSS 0.88818
Exploits 1, References 15
Tenable Nessus
added 2024/02/12 12:00 a.m., 32 views

RHEL 8 : squid:4 (RHSA-2024:0773)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0773 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: DoS against...

CVSS 9.8, AI score 8.1, EPSS 0.88818
Exploits 1, References 15
Tenable Nessus
added 2024/02/08 12:00 a.m., 32 views

CentOS 8 : python-requests (CESA-2023:4520)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:4520 advisory. - Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS...

CVSS 6.1, AI score 7.1, EPSS 0.02782
Exploits 1, References 2
F5 Networks
added 2024/02/06 8:47 p.m., 39 views

K000138508: mod_ssl vulnerability CVE-2004-0700

Security Advisory Description: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are...

CVSS 7.5, AI score 7.2, EPSS 0.05802
Exploits 0
Veracode
added 2024/02/06 6:23 a.m., 15 views

Improper Cookie Management

1Panel is vulnerable to Improper Cookie Management. The vulnerability is due to the HTTPS cookie, which does not have the Secure keyword. If a user accesses the site using HTTP, the cookie will be sent in plain text...

CVSS 7.5, AI score 6.5, EPSS 0.00304
Exploits 0, References 3, Affected software 1
OSV
added 2024/02/05 8:19 p.m., 23 views

GHSA-9XFW-JJQ2-7V8H 1Panel set-cookie is missing the Secure keyword

Summary: The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure PoC: Directly configure https for the panel, and the...

CVSS 3.5, AI score 7.3, EPSS 0.00304
Exploits 0, References 5
NVD
added 2024/02/05 3:15 p.m., 20 views

CVE-2024-24768

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6...

CVSS 7.5, AI score 6.5, EPSS 0.00304
Exploits 0, References 3
Prion
added 2024/02/05 3:15 p.m., 11 views

Code injection

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6...

CVSS 5, AI score 6.9, EPSS 0.00304
Exploits 0, References 3, Affected software 1
Cvelist
added 2024/02/05 3:07 p.m., 23 views

CVE-2024-24768 1Panel set-cookie is missing the Secure keyword

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6...

CVSS 6.5, AI score 7.6, EPSS 0.00304
Exploits 0, References 3
OSV
added 2024/02/05 3:07 p.m., 18 views

CVE-2024-24768 1Panel set-cookie is missing the Secure keyword

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6...

CVSS 6.5, AI score 7.4, EPSS 0.00304
Exploits 0, References 5
CVE
added 2024/02/05 3:07 p.m., 142 views

CVE-2024-24768

What is affected: 1Panel, a Linux server operation and maintenance management panel. Vulnerability: The HTTPS session cookie used by 1Panel does not have the Secure attribute, which may allow the cookie to be exposed over non-HTTPS connections. Root cause / details in sources: Cookie missing S...

CVSS 7.5, AI score 7.3, EPSS 0.00304
Exploits 0, References 3, Affected software 1
Veracode
added 2024/02/05 7:12 a.m., 13 views

Improper Certificate Validation

go.etcd.io/etcd is vulnerable to Improper Certificate Validation. The vulnerability is due to etcd gateway's handling of endpoint validation when the --discovery-srv flag is enabled, because it only checks for TCP reachability without ensuring that the endpoint accepted TLS connections through...

AI score 7.1
Exploits 0
GitLab Advisory Database
added 2024/02/05 12:00 a.m., 22 views

1Panel set-cookie is missing the Secure keyword

The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure...

CVSS 7.5, AI score 7.3, EPSS 0.00304
Exploits 0, References 6, Affected software 1
OSV
added 2024/02/03 12:03 a.m., 9 views

GHSA-J86V-2VJR-FG8F Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type: Cryptography. Workarounds: Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation. Detail: Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

AI score 7.2
Exploits 0, References 1
Github Security Blog
added 2024/02/03 12:03 a.m., 16 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type: Cryptography. Workarounds: Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation. Detail: Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

AI score 7.2
Exploits 0, References 2, Affected software 1
GitLab Advisory Database
added 2024/02/03 12:00 a.m., 13 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type: Cryptography. Workarounds: Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation. Detail: Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

AI score 7.2
Exploits 0, References 2, Affected software 1
Veracode
added 2024/01/31 6:33 a.m., 20 views

Improper Certificate Validation

meshcentral is vulnerable to Improper Certificate Validation. The vulnerability is due to the disabling of certificate verification in HTTPS connections by setting rejectUnauthorized to false, and utilizing outdated and insecure TLS versions known for security weaknesses; also use of algorithms...

CVSS 9.8, AI score 6.9, EPSS 0.00467
Exploits 0, References 4, Affected software 1
OSV
added 2024/01/29 3:30 p.m., 1 view

GHSA-3VVC-V8C2-43R7 Apache Kylin has Insufficiently Protected Credentials

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the kylin service runs over HTTP or another plain text protocol, it is possible for network sniffers to hijack the HTTP...

CVSS 7.5, AI score 7, EPSS 0.01149
Exploits 0, References 5