11633 matches found
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1790)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...
Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities
Summary: Apache HTTP Server provides HTTP services for SiteProtector. IBM Security SiteProtector System has addressed the following vulnerabilities in a Core express update. Vulnerability Details: CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013 C implementation of the infamous Apache 2.4.50...
Apache HTTP Server Environment Issue Vulnerability (CNVD-2022-51061)
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to an environmental issue that results from Apache HTTP Server's inability to close inbound connections when dropping the body of a request, leading to request smuggling. The vulnerability...
CVE-2022-30475
Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request...
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-1730)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody called from Lua scripts). The Apache httpd...
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...
Debian: Security Advisory (DSA-5146-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5146-1] puma security update
Debian Security Advisory DSA-5146-1 https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2022 https://www.debian.org/security/faq ...
Missing permission checks in Zephyr for JIRA Test Management Plugin
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
GHSA-2Q7J-52XG-X8FM Missing permission checks in Zephyr for JIRA Test Management Plugin
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
Undertow vulnerable to Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL...
GHSA-VJXC-FRW4-JMH5 Undertow vulnerable to Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL...
GHSA-J224-7QR4-8646 Centreon Does Not Set HTTPOnly Flag
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...
Centreon Does Not Set HTTPOnly Flag
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary: IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager (ITNCM) version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the...
Security Bulletin: IBM Navigator for i is vulnerable to an SQL injection (CVE-2022-22495)
Summary: IBM Navigator for i provides server administration functionality via a robust graphical user interface. IBM Navigator for i is vulnerable to an SQL injection as described in the vulnerability details section. The vulnerability is fixed by applying the latest HTTP Server for i group PTF as...
macOS 11.x < 11.6.6 Multiple Vulnerabilities (HT213256)
The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.6. It is, therefore, affected by multiple vulnerabilities: - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032) - A logic issue...
macOS 10.15.x < Catalina Security Update 2022-004 Catalina (HT213255)
The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2022-004. It is, therefore, affected by multiple vulnerabilities : - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...
Jenkins Blue Ocean cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Blue Ocean 1.25.3 and earlier...