11634 matches found
com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2014-0193 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)
io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2014-0193 Source advisory: OSV:GHSA-7VPQ-G998-QPV7...
GHSA-882R-R8FW-P538 XXE vulnerability in Jenkins Job Import Plugin
An XML external entity (XXE) processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to rea...
EUVD-2013-6247
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Essay 🕸️ Description 🖼️ This repository co...
AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1915 advisory. httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path...
AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:1762)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1762 advisory. psgo: Privilege escalation in 'podman top' (CVE-2022-1227) prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698) podman:...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped with IBM WebSphere Application Server Pattern (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)
Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published...
Buffer overflow
Tenda AX1803 v1.0.0.12890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs, in /goform/setsystimecfg of /bin/tdhttpd in the ubif file system; attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to...
CVE-2022-29932
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 File Transfer allows an unauthenticated attacker to obtain sensitive data related to the content of transferred files via a crafted HTTP request...
Cross site request forgery (csrf)
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 File Transfer allows an unauthenticated attacker to obtain sensitive data related to the content of transferred files via a crafted HTTP request...
CVE-2022-29932
The CVE-2022-29932 entry affects PRIMEUR SPAZIO 2.5.1.954 (File Transfer). The HTTP Server component allows an unauthenticated attacker to obtain sensitive data related to the content of transferred files through a crafted HTTP request. This is the explicit vulnerability described in CVE records ...
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...
Moderate: Red Hat Security Advisory: httpd:2.4 security and bug fix update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: mod_auth_mellon security update
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ALSA-2022:1934 Moderate: mod_auth_mellon security update
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fixes: mod_auth_mellon: Open Redirect vulnerability in logo...