Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 12 security update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

PT-2021-3578 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.39 through 2.4.46 Description: The issue exists due to insufficient input validation in the Apache HTTP Server. Exploitation of this issue may allow a remote attacker to impact the integrity of protected...

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

Design/Logic Flaw

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

CVE-2021-29641

CVE-2021-29641 affects Directus 8 up to 8.8.2. The vulnerability arises from file-upload permissions that allow uploading a PHP file to the main upload directory and, in a subdirectory, a PHP file plus an .htaccess, enabling remote authenticated code execution. Exploitation is limited to specific...

QNAP QTS < 4.3.6.1620 Build 20210322 Multiple Vulnerabilities

This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

GNU libmicrohttpd Buffer Overflow Vulnerability

GNU libmicrohttpd is a GNU open source application. Run the HTTP server as part of another application. A buffer overflow vulnerability exists in versions of libmicrohttpd prior to 0.9.71, which stems from the fact that a missing bounds check will result in a buffer overflow that can be exploited...

vulhub

This is a collection of vulnerable Docker environments, known as Vulhub. It's an open-source project that provides pre-built vulnerable environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a variety of vulnerable...

USN-4848-1: mini_httpd vulnerability

It was discovered that ACME minihttpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files...

Ubuntu: Security Advisory (USN-4754-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4754-3: Python vulnerabilities

USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of Python 2.7 for 20.04, these additional fixes are included: It was dicovered that Python allowed remote attackers to cause a denial of service resource...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-1663)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-1602)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2021-1663)

According to the version of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would resul...

EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-1602)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge...

EulerOS Virtualization 3.0.2.6 : ruby (EulerOS-SA-2021-1450)

According to the version of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled wit...