OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

Low: httpd

Issue Overview: In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server. CVE-2020-1934 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded...

[SECURITY] Fedora 32 Update: php-7.4.6-1.fc32

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns

Summary There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in...

EulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2020-1516)

According to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements...

EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1542)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated we...

EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2020-1552)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential...

java security update

CentOS Errata and Security Advisory CESA-2020:1512 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

Fedora: Security Advisory for php (FEDORA-2020-62ee541bbb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for php (FEDORA-2020-60f9a47657)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for php (FEDORA-2020-96cb012029)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1552)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-12442

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250...

Sql injection

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250...

CVE-2020-12442

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250...

CVE-2020-12442

Ivanti Avalanche 6.3 is affected by CVE-2020-12442, a SQL injection due to inadequate validation of externally entered SQL statements in the database-based application. The issue is described as being vaguely associated with the Apache HTTP Server (Bug 683250) and is scored as high severity (CVSS...

Moderate: Red Hat Security Advisory: mod_auth_mellon security and bug fix update

An update for modauthmellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: php:7.2 security, bug fix, and enhancement update

An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: mod_auth_mellon security and bug fix update

The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fixes: modauthmellon: Open Redirect via the login?ReturnT...

Moderate: php:7.2 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.2.24. BZ1726981 Security Fixes: php: Invalid memory access in function xmlrpcdecode CVE-2019-9020 php: File rename across filesystems...