Astra Linux - уязвимость в apache2

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for this vulnerability, but it might be possible to create one. This issue affects Apache HTTP Server 2.4.51 and earlie...

RHSA-2022:8840 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

Bulletin has no description...

RHSA-2022:7143 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update

Bulletin has no description...

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

QNAP Systems myQNAPcloud Link 访问控制错误漏洞

QNAP Systems myQNAPcloud Connect is an application for connecting, sharing, and managing QNAP NAS files from China Weilian Technology QNAP Systems. An access control error vulnerability previously existed in QNAP Systems myQNAPcloud Link version 2.4.51, which stemmed from a lack of critical...

BIT-APACHE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

SUSE CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)

Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection Authenticated Date: 2022-26-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software Link:...

Microfinance Management System 1.0 SQL Injection

Exploit Title: Microfinance Management System 1.0 - 'customernumber' SQLi Date: 2022-25-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software Link:...

Internet Bug Bounty: Use of uninitialized value of in req_parsebody method of lua_request.c

Software Versions Ubuntu - 18.04 64-bit Apache 2.4.51 - 64 bit Cause of Bug This bug is present in the reqparsebody method of luarequest.c file. Below mentioned lines of code cause this bug. cpp const char data; int i; sizet vlen = 0; sizet len = 0; if luareadbodyr, &data, aprofft &size,...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1306)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : httpd:2.4 (ELSA-2022-0258)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0258 advisory. - scoreboard: fix null pointer deference Orabug: 33690670CVE-2021-34798 - fix apescapequote logic Orabug: 33690686CVE-2021-39275 - Resolves: 2035062 -...

SUSE-SU-2022:0091-1 Security update for apache2

This update for apache2 fixes the following issues: Apache2 was updated to the current stable version 2.4.51 jscSLE-22733 jscSLE-22849 It fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51. See https://downloads.apache.org/httpd/CHANGES2.4 for a complete chang...

CVE-2021-44224 affecting package httpd 2.4.51-1

CVE-2021-44224 affecting package httpd 2.4.51-1. An upgraded version of the package is available that resolves this issue...

AZL-7043 CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

DEBIAN-CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

ALPINE-CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

UBUNTU-CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...