Lucene search
30 matches found

OSV
added 2026/05/04 3:16 p.m. | 0 views

DEBIAN-CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.0033
Exploits: 0 | References: 1

OSV
added 2026/05/04 3:16 p.m. | 2 views

ALPINE-CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.0033
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/04 2:40 p.m. | 4 views

CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.0033
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-17275

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00193
Exploits: 0 | References: 2

SUSE CVE
added 2024/04/05 2:21 a.m. | 1 view

SUSE CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

CVSS 6.1 | AI score 8.2 | EPSS 0.01123
Exploits: 0 | References: 11

OSV
added 2024/04/04 8:15 p.m. | 1 view

ALPINE-CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

CVSS 6.3 | AI score 7 | EPSS 0.01123
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 5:27 a.m. | 7 views

SUSE CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted...

CVSS 10 | AI score 8.1 | EPSS 0.86752
Exploits: 16 | References: 23

SUSE CVE
added 2023/02/15 5:26 a.m. | 7 views

SUSE CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

CVSS 9.8 | AI score 7.8 | EPSS 0.89056
Exploits: 17 | References: 41

OSV
added 2018/04/13 1:29 p.m. | 1 view

CVE-2018-5506

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

Prion
added 2018/04/13 1:29 p.m. | 11 views

Authorization

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between...

CVSS 5 | AI score 9.5 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 13

NVD
added 2018/04/13 1:29 p.m. | 11 views

CVE-2018-5506

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between...

CVSS 9.8 | AI score 9.7 | EPSS 0.00193
Exploits: 0 | References: 1

CVE
added 2018/04/13 1:00 p.m. | 49 views

CVE-2018-5506

CVE-2018-5506 affects F5 BIG-IP: Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow unauthenticated brute-forcing of the em_server_ip authorization parameter to disclose which SSL client certificates are used for mutual authentication between BIG-IQ/EM and managed BIG-IP de...

CVSS 9.8 | AI score 9.6 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2016/07/06 12:00 a.m. | 2 views

The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function that is exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that...

CVSS 10 | AI score 8.5 | EPSS 0.9422
Exploits: 130 | References: 2 | Affected Software: 1

BDU FSTEC
added 2016/07/06 12:00 a.m. | 2 views

The vulnerability of Cisco Nexus 1000V software allows a malicious individual to gain access to confidential information.

The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...

CVSS 10 | AI score 8.1 | EPSS 0.9422
Exploits: 139 | References: 2

BDU FSTEC
added 2016/07/06 12:00 a.m. | 4 views

The vulnerability of Cisco ACS software allows a malicious individual to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function that is exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that...

CVSS 10 | AI score 8.5 | EPSS 0.9422
Exploits: 130 | References: 2

BDU FSTEC
added 2016/07/06 12:00 a.m. | 2 views

The vulnerability of Cisco IPS software allows a malicious actor to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by manipulating environment variables. Security researchers have confirmed that this...

CVSS 10 | AI score 8.5 | EPSS 0.9422
Exploits: 139 | References: 2

BDU FSTEC
added 2016/07/06 12:00 a.m. | 1 view

Vulnerability of Cisco ACS software, allowing a malicious individual to access confidential information

The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...

CVSS 10 | AI score 8.1 | EPSS 0.9422
Exploits: 139 | References: 2

Tenable Nessus
added 2015/03/26 12:00 a.m. | 33 views

Scientific Linux Security Update : ipa on SL7.x x86_64 (20150305)

Two cross-site scripting (XSS) flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. (CVE-2010-5312, CVE-2012-6662) Note: The IdM version provided by this update...

CVSS 6.1 | AI score 6.6 | EPSS 0.07046
Exploits: 1 | References: 3

CentOS
added 2015/03/17 1:28 p.m. | 68 views

ipa security update

CentOS Errata and Security Advisory CESA-2015:0442 Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabilit...

CVSS 6.1 | AI score 6.5 | EPSS 0.07046
Exploits: 1 | References: 7

Tenable Nessus
added 2015/03/13 12:00 a.m. | 42 views

Oracle Linux 7 : ipa (ELSA-2015-0442)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0442 advisory. - CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges 1165774 - CVE-2014-7828 freeipa: password not required when OTP in use 1160877...

CVSS 6.1 | AI score 6.6 | EPSS 0.07046
Exploits: 1 | References: 3