912 matches found

OSV
added 2026/05/28 12:34 p.m. | 11 views

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2026-23918: http2: double free and possible RCE on early reset (bsc#1263957). - CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr (bsc#1263935). - CVE-2026-28780: heap buffer overflow in mod_proxy_ajp via ajp_msg_check_header (bsc#1264163). -...

CVSS 9.8 | AI score 7.6 | EPSS 0.4581
Exploits: 18 | References: 23

Amazon
added 2026/05/26 12:00 a.m. | 13 views

Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

CVSS 9.8 | AI score 5.8 | EPSS 0.01325
Exploits: 2

Tenable Nessus
added 2026/05/26 12:00 a.m. | 23 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1720)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1720 advisory. An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to...

CVSS 9.8 | AI score 5.9 | EPSS 0.01325
Exploits: 2 | References: 22

OSV
added 2026/05/22 5:59 p.m. | 9 views

CLSA-2026-1779372929 curl: Fix of CVE-2026-7168

CVE-2026-7168: clear proxy Digest auth state when CURLOPT_PROXY is reassigned to a different proxy host on the same easy handle so a stale Proxy-Authorization header is not replayed to the new proxy...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 1

OSV
added 2026/05/22 5:52 p.m. | 9 views

CLSA-2026-1779372207 curl: Fix of CVE-2026-7168

CVE-2026-7168: clear proxy Digest auth state when CURLOPT_PROXY is reassigned to a different proxy host on the same easy handle so a stale Proxy-Authorization header is not replayed to the new proxy...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 1

OSV
added 2026/05/22 1:21 p.m. | 8 views

OESA-2026-2422 perl-Authen-SASL security update

Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework. At the time of this writing it provides the client part implementation for the following SASL mechanisms. Security Fixes: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl...

CVSS 6.5 | AI score 5.8 | EPSS 0.00394
Exploits: 0 | References: 2

OSV
added 2026/05/22 1:18 p.m. | 9 views

OESA-2026-2401 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00654
Exploits: 2 | References: 10

OSV
added 2026/05/21 2:41 p.m. | 10 views

CLSA-2026-1779374454 Fix of 7 CVEs

SECURITY UPDATE: multiple security fixes - debian/patches/CVE-2026-41284.patch: add a configurable maxRequestBodySize init-param to the WebDAV servlet to bound LOCK/PROPFIND XML request bodies; reject oversized bodies with 413 Request Entity Too Long. Includes the upstream...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | References: 1

RedhatCVE
added 2026/05/20 6:19 a.m. | 8 views

CVE-2026-7168

A flaw was found in libcurl. When a user performs a transfer over an HTTP proxy using Digest authentication and then reuses the same handle for a second transfer with a different proxy host, libcurl incorrectly sends the Proxy-Authorization header intended for the first proxy to the second proxy...

CVSS 5.3 | AI score 5.6 | EPSS 0.00471
Exploits: 1 | References: 7

AstraLinux
added 2026/05/20 5:53 a.m. | 9 views

Astra Linux - vulnerability in tomcat9

DEPRECATED: There is a vulnerability related to authentication bypass in digest authentication in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and versions prior to 7.0.0...

CVSS 9.8 | AI score 5.7 | EPSS 0.01233
Exploits: 1 | References: 1

OSV
added 2026/05/16 2:38 p.m. | 6 views

CLSA-2026-1778934210 Fix of 7 CVEs

SECURITY UPDATE: off-by-one OOB read in mod_proxy_ajp message getters - debian/patches/CVE-2026-33857.patch: tighten length checks msg-len - = msg-len in ajp_msg_get_uint8/16/32 and ajp_msg_peek_uint8/16 in modules/proxy/ajp_msg.c. - CVE-2026-33857 SECURITY UPDATE: heap over-read in mod_proxy_ajp via missin...

CVSS 8.8 | AI score 5.9 | EPSS 0.00654
Exploits: 2 | References: 1

OSV
added 2026/05/15 2:00 p.m. | 9 views

OESA-2026-2296 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of Resources Without...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | References: 8

Mageia
added 2026/05/15 6:17 a.m. | 15 views

Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | References: 9

OSV
added 2026/05/15 6:17 a.m. | 10 views

MGASA-2026-0139 Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | References: 10

OSV
added 2026/05/14 11:56 a.m. | 9 views

BIT-TOMCAT-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any...

CVSS 9.8 | AI score 5.7 | EPSS 0.01233
Exploits: 1 | References: 3

Microsoft CVE
added 2026/05/14 8:03 a.m. | 10 views

cross-proxy Digest auth state leak

...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1

EUVD
added 2026/05/13 6:30 p.m. | 19 views

EUVD-2026-29932

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 5

OSV
added 2026/05/13 1:01 p.m. | 5 views

ALPINE-CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

CVSS 5.3 | AI score 5.5 | EPSS 0.00471
Exploits: 1 | References: 1

NVD
added 2026/05/13 1:01 p.m. | 6 views

CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

CVSS 5.3 | EPSS 0.00471
Exploits: 1 | References: 4

ATTACKERKB
added 2026/05/13 8:29 a.m. | 28 views

CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 4 | Affected Software: 1