Lucene search
K

59 matches found

RedHat Linux
RedHat Linux
added 6 days ago6 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6.2AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week6 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6AI score0.00514EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Amazon Kiro IDE < 0.11.133 Incorrect Default Permissions

The version of Amazon Kiro IDE installed on the remote host is prior to 0.11.133. It is, therefore, affected by an information disclosure vulnerability. - Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other...

6.8CVSS6AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-46554

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. The API token deletion path removed the database row bu...

2.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:31 p.m.3 views

CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.5 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS5.9AI score0.00514EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

RockyLinux 10 : httpd (RLSA-2026:21433)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21433 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read du...

9.8CVSS6.3AI score0.01376EPSS
Exploits0References11
AlmaLinux
AlmaLinux
added 2026/06/01 12:0 a.m.16 views

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd:...

9.8CVSS6.3AI score0.04409EPSS
Exploits1References14
OSV
OSV
added 2026/05/30 6:3 p.m.26 views

RLSA-2026:21391 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

8.2CVSS6.3AI score0.01376EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.63 views

AlmaLinux 9 : httpd (ALSA-2026:21391)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...

9.8CVSS6.3AI score0.01376EPSS
Exploits0References7
OSV
OSV
added 2026/05/28 12:34 p.m.11 views

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.6AI score0.4581EPSS
Exploits18References23
RedHat Linux
RedHat Linux
added 2026/05/27 9:42 p.m.15 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/21 8:39 p.m.11 views

NPM: NocoDB: Stale Auth Cache After API Token Deletion

NPM: NocoDB: Stale Auth Cache After API Token Deletion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 8:39 p.m.15 views

NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

2.3CVSS5.7AI score0.00197EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/21 8:39 p.m.7 views

GHSA-F76X-F9VJ-92JV NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

2.3CVSS5.7AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-42049

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.2 Description The public API role unassignment endpoint "/api/public/v1/roles/unassign" updates user documents in CouchDB but fails to invalidate the corresponding Redis user cache entries. Because the...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References5
OSV
OSV
added 2026/05/18 3:44 p.m.11 views

CLSA-2026-1779119053 Fix of 8 CVEs

SECURITY UPDATE: modproxyajp heap buffer over-read in ajpmsggetstring - debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajpmsg.c. - CVE-2026-34032 SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads - debian/patches/CVE-2026-33857.patch: fix length checks ...

9.8CVSS5.9AI score0.01376EPSS
Exploits2References1
OSV
OSV
added 2026/05/05 12:0 a.m.9 views

UBUNTU-CVE-2026-33007

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.11 views

FreeBSD : www/apache24 -- Multiple vulnerabilities (1ccc383b-486a-11f1-8b62-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ccc383b-486a-11f1-8b62-8447094a420f advisory. The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857,...

9.8CVSS6AI score0.4581EPSS
Exploits18References13
NVD
NVD
added 2026/05/04 3:16 p.m.12 views

CVE-2026-33007

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.3CVSS0.00514EPSS
Exploits0References2
Rows per page
Query Builder