11638 matches found
CVE-2020-2530
CVE-2020-2530 affects Oracle Fusion Middleware Oracle HTTP Server (Web Listener). Connected sources specify affected versions: 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability is an authentication bypass in the Web Listener, allowing an unauthenticated, network-accessing attacker (via HT...
Unspecified Vulnerability in Oracle HTTP Server (CNVD-2020-09679)
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection and other functions. HTTP Server is one of its HTTP server components. An unspecified vulnerability...
Kubernetes: Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests
Report Submission Form Summary: Malicious clients can potentially DOS a kubelet by sending a high amount of specially crafted requests to the kubelet's HTTP server. For each request the kubelet updates/sets 3 metrics: - kubelet_http_requests_total Counter - kubelet_http_requests_duration_seconds Histogr...
Multiple Oracle Products Multiple Remote Security Vulnerabilities
Description Multiple Oracle Products are prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over multiple protocols. The 'OSSL Module', 'SSL API' and 'Web Listener' components are affected. Technologies Affected Oracle HTTP Server 11.1.1.9.0 Oracle HTTP Serv...
Oracle January 2020 Critical Patch Update Multiple Vulnerabilities
Description Oracle has released advance notification regarding the January 2020 Critical Patch Update (CPU) to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c Oracle Communications Design...
[SECURITY] Fedora 31 Update: php-7.3.13-1.fc31
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 30 Update: php-7.3.13-1.fc30
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Updated exiv2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. (CVE-2019-13108) An integer overflow in Exiv2...
NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0243)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mod_auth_openidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not sk...
NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0250)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...
[R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line wi...
Thrive Smart Home v1.1 Reflected Cross-Site Scripting
Summary As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...
CVE-2018-12122
It was found that Node.js HTTP server was vulnerable to a Slowloris type attack. An attacker could make long lived connections by sending bytes very slowly to the server, saturating its resource and possibly resulting in a denial of service. Mitigation The use of a Load Balancer or a Reverse Prox...
CVE-2013-4743
Static HTTP Server 1.0 has a Local Overflow...
Buffer overflow
Static HTTP Server 1.0 has a Local Overflow...
CVE-2013-4743
Static HTTP Server 1.0 has a documented Local/Buffer Overflow vulnerability. The issue stems from memory operations performed without proper data boundary validation, leading to potential reads/writes beyond allocated memory (buffer/heap overflow). Impacts cited include memory corruption and cras...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-2691)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause...
CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server
Summary The following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID: CVE-2019-0220 DESCRIPTION: A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When...