
11629 matches found

Tenable Nessus
added 2024/12/12 12:0 a.m. | 26 views

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2982)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

CVSS 6.2 | AI score 7.1 | EPSS 0.04134
Exploits: 3 | References: 2

Tenable Nessus
added 2024/12/12 12:0 a.m. | 23 views

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2968)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

CVSS 6.2 | AI score 7.1 | EPSS 0.04134
Exploits: 3 | References: 2

Tenable Nessus
added 2024/12/12 12:0 a.m. | 17 views

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2937)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

CVSS 6.2 | AI score 7 | EPSS 0.04134
Exploits: 3 | References: 2

Tenable Nessus
added 2024/12/11 12:0 a.m. | 23 views

RHEL 9 : php:8.1 (RHSA-2024:10950)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10950 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to...

CVSS 7.5 | AI score 7.2 | EPSS 0.49336
Exploits: 7 | References: 15

IBM Security Bulletins
added 2024/12/08 2:16 p.m. | 42 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information, bypassing security restrictions, and a server-side request forgery due to multiple vulnerabilities.

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker obtaining sensitive information due to ignoring legacy content-type based configuration of handlers CVE-2024-39884 and improper validation of input CVE-2024-38476, a bypass of security restrictions due to a fla...

CVSS 9.8 | AI score 7.4 | EPSS 0.41611
Exploits: 1 | Affected Software: 5

Tenable Nessus
added 2024/12/04 12:0 a.m. | 8 views

Dell 3000cn Improper Authentication (CVE-2006-2113)

The embedded HTTP server in Fuji Xerox Printing Systems FXPS print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which...

CVSS 6.4 | AI score 5.8 | EPSS 0.019
Exploits: 0 | References: 17

Redos
added 2024/12/03 12:0 a.m. | 27 views

ROS-20241203-19

A vulnerability in the Apache HTTP Server web server kernel is related to the inclusion of functions from an invalid controlled area. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by running local handlers through internal redirection. A vulnerability in the...

CVSS 9.8 | AI score 7.9 | EPSS 0.41611
Exploits: 0

Positive Technologies
added 2024/12/02 12:0 a.m. | 3 views

PT-2025-16247

Name of the Vulnerable Software and Affected Versions: libsoup, affected versions not specified. Description: A flaw was found in libsoup, where SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. This could cause the libsoup client to crash when interactin...

CVSS 9 | AI score 7.5 | EPSS 0.23357
Exploits: 1 | References: 189

SUSE CVE
added 2024/11/28 3:56 a.m. | 1 views

SUSE CVE-2024-42328

When the webdriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will...

CVSS 5.5 | AI score 7 | EPSS 0.00229
Exploits: 0 | References: 3

OSV
added 2024/11/27 12:15 p.m. | 6 views

CVE-2024-42328

When the webdriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will...

CVSS 5.5 | AI score 6.8
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/27 12:5 p.m. | 8 views

CVE-2024-42329 JS - Crash on unexpected HTTP server response

The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash...

CVSS 3.3 | AI score 7 | EPSS 0.00242
Exploits: 0 | References: 1

Cvelist
added 2024/11/27 12:5 p.m. | 16 views

CVE-2024-42329 JS - Crash on unexpected HTTP server response

The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash...

CVSS 3.3 | EPSS 0.00242
Exploits: 0 | References: 1

Cvelist
added 2024/11/27 12:4 p.m. | 15 views

CVE-2024-42328 JS - Crash on empty HTTP server response

When the webdriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will...

CVSS 3.3 | EPSS 0.00229
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/27 12:4 p.m. | 16 views

CVE-2024-42328 JS - Crash on empty HTTP server response

When the webdriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will...

CVSS 3.3 | AI score 7.2 | EPSS 0.00229
Exploits: 0 | References: 1

CVE
added 2024/11/27 12:4 p.m. | 120 views

CVE-2024-42328

CVE-2024-42328 affects Zabbix’s Browser object webdriver when downloading data over HTTP. Root cause: the data pointer is set to NULL and only allocated in curl_write_cb; an empty HTTP response leaves wd->data NULL, causing a crash when read. Impact stated as a crash (potential denial of servi...

CVSS 5.5 | AI score 7.2 | EPSS 0.00229
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/11/25 12:0 a.m. | 11 views

PT-2025-29117

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.35 through 2.4.63. Description: In certain mod_ssl configurations, an access control bypass is possible for trusted clients using TLS 1.3 session resumption. This occurs when mod_ssl is configured for multiple...

CVSS 9.4 | AI score 7.5 | EPSS 0.03322
Exploits: 2 | References: 117

Positive Technologies
added 2024/11/25 12:0 a.m. | 3 views

PT-2025-16238

Name of the Vulnerable Software and Affected Versions: libsoup, affected versions not specified. Description: A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP reque...

CVSS 9 | AI score 7.5 | EPSS 0.23357
Exploits: 1 | References: 242

Tenable Nessus
added 2024/11/21 12:0 a.m. | 27 views

macOS 15.x < 15.1 Multiple Vulnerabilities (121564)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.1. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system...

CVSS 9.8 | AI score 8.1 | EPSS 0.41611
Exploits: 1 | References: 83

Debian CVE
added 2024/11/18 8:8 p.m. | 8 views

CVE-2024-52303

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...

CVSS 8.7 | AI score 7.6 | EPSS 0.00563
Exploits: 0

IBM Security Bulletins
added 2024/11/15 9:49 p.m. | 34 views

Security Bulletin: TSSC/IMC is vulnerable to a denial of service on Apache HTTP Server

Summary: TSSC/IM is vulnerable to a denial of service on Apache HTTP Server. The latest code level has an upgrade to the relevant libraries to fix CVE-2024-27316. Vulnerability Details: CVEID: CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure t...

CVSS 7.5 | AI score 7.2 | EPSS 0.91327
Exploits: 2 | Affected Software: 1