11629 matches found
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1543)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...
Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability
Talos Vulnerability Report TALOS-2024-1945 Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability April 18, 2024 CVE Number CVE-2023-51391 SUMMARY An invalid pointer dereference vulnerability exists in the HTTP server header parsing functionality of Silic...
Oracle HTTP Server (April 2024 CPU)
The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Plugins BSAFE Crypto-J. Supported versions that are affected are...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
USN-6729-2: Apache HTTP Server vulnerabilities
USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly...
Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect
Apache Druid CVE-2023-25194 CVE-2023-25194 is a deserializati...
Apache 2.4.x < 2.4.54 Authentication Bypass
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an authentication bypass vulnerability as referenced in the 2.4.54 advisory. - X-Forwarded-For dropped by hop-by-hop mechanism in mod_proxy: Apache HTTP Server 2.4.53 and earlier may not send...
Apache 2.4.x < 2.4.58 Out-of-Bounds Read (CVE-2023-31122)
The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - mod_macro buffer over-read: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:1308-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1308-1 advisory. - The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead t...
Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-6729-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-2 advisory. USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
Apache 2.4.x < 2.4.54 Multiple Vulnerabilities (mod_lua)
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory. - Denial of service in mod_lua r:parsebody: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that...
Apache 2.4.x < 2.4.54 Out-Of-Bounds Read (CVE-2022-28330)
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the 2.4.54 advisory. - Read beyond bounds in mod_isapi: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when...
CVE-2024-20991
CVE-2024-20991 affects Oracle HTTP Server (Web Listener) in Oracle Fusion Middleware, specifically version 12.2.1.4.0. The issue, described across multiple sources, enables an unauthenticated attacker with network access via HTTP to read a subset of Oracle HTTP Server data due to insufficient pro...
CVE-2023-51391 Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability
A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service...
[SECURITY] [DSA 5662-1] apache2 security update
Debian Security Advisory DSA-5662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 16, 2024 https://www.debian.org/security/faq -...
SUSE-SU-2024:1309-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
SUSE-SU-2024:1307-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
SUSE-SU-2024:1301-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.12.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
Micrium OS Network HTTP Server security vulnerability
Micrium OS Network HTTP Server is an application from Micrium Corporation, USA. A security vulnerability exists in Micrium OS Network HTTP Server that stems from an invalid pointer dereference, resulting in a device crash and a denial of service (DoS) attack...