Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability
Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...
Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability
Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
Exploit Title: Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa...
Oracle Enterprise Manager Ops Center (Jan 2021 CPU)
The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Control Proxy Apache HT...
IBM HTTP Server 7.0.0.0 <= 7.0.0.41 / 8.0.0.0 < 8.0.0.13 / 8.5.0.0 < 8.5.5.11 / 9.0.0.0 < 9.0.0.2 Multiple Vulnerabilities (548231)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows: - Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service memory...
[SECURITY] Fedora 32 Update: php-7.4.14-1.fc32
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Debian: Security Advisory (DLA-2520-1)
The remote host is missing an update for the Debian...
Debian DLA-2520-1 : golang-websocket security update
There was an integer overflow vulnerability concerning the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. For Debian 9 stretch, this problem has been fixed in...
[SECURITY] [DLA 2520-1] golang-websocket security update
Debian LTS Advisory DLA-2520-1 https://www.debian.org/lts/security/ Brian May January 07, 2021 https://wiki.debian.org/LTS...
IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569295)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows: - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached...
IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.16 / 9.0.0.0 < 9.0.5.0 Multiple Vulnerabilities (880413)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...
IBM HTTP Server 8.5.0.0 <= 8.5.5.4 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.35 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (521711)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway,...
IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.3 Response Splitting (289001)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability related to Apache HTTP Server. Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these...
IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.5 Multiple Vulnerabilities (563615)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows: - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type...
IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569301)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, including the following: - IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork system calls when multiple ICC instances are loaded which cou...
IBM HTTP Server 8.5.0.0 <= 8.5.5.1 / 8.0.0.0 <= 8.0.0.8 / 7.0.0.0 <= 7.0.0.31 / 6.1.0.0 <= 6.1.0.47 (505927)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSL...
IBM HTTP Server 8.0.0.0 <= 8.0.0.11 / 8.5.0.0 <= 8.5.5.6 (533837)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve...
IBM HTTP Server 8.0.x < 8.0.0.9 / 8.5.x < 8.5.5.3 (247195)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a...
IBM HTTP Server 7.0.0.0 <= 7.0.0.43 Information Disclosure (567509)
The version of IBM HTTP Server running on the remote host is affected by a side channel information disclosure. GSKit V7 discloses side channel information via discrepancies between valid and invalid PKCS1 padding. Note that Nessus has not tested for this issue but has instead relied only on the...
IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.17 / 9.0.0.0 < 9.0.5.1 Multiple Vulnerabilities (964768)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities as follows: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while...