Rocky Linux 8 : java-17-openjdk (RLSA-2022:7000)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7000 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected...

Rocky Linux 9 : java-11-openjdk (RLSA-2022:7013)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7013 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected...

FreeBSD : opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. (1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6 advisory. - Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily...

Debian DSA-5548-1 : openjdk-17 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5548 advisory. Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service. For the oldstable distribution bullseye, the...

Fedora: Security Advisory (FEDORA-2023-035866b576)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices

An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it ...

CVE-2023-5824

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

CVE-2023-5824

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

CVE-2023-5824

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug...

Design/Logic Flaw

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug...

CVE-2023-5824

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

CVE-2023-5824

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

CVE-2023-5824 Squid: dos against http and https

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

CVE-2023-5824

Summary: CVE-2023-5824 affects Squid. A flaw in how HTTP response headers are validated before caching allows a header to exceed the configured maximum size, causing a stall or crash of a worker process and resulting in a denial of service. What’s affected: Squid proxy caching server; multiple ad...

CVE-2023-5035 Cookie Without Secure Flag

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...

CVE-2023-5035 Cookie Without Secure Flag

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...

CVE-2023-46724

A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using --with-openssl is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by...

phpMyFAQ Information Disclosure Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system. An information disclosure vulnerability exists in phpMyFAQ versions prior to 3.2.2, which stems from the presence of sensitive cookies in an HTTPS session, and can be exploited by an attacker to obtain sensitive information...

phpMyFAQ < 3.2.1 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

CVE-2023-46724

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to...