11649 matches found
Denial Of Service
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for ...
Path Traversal
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for ...
Privilege Escalation
Apache HTTP Server is vulnerable to privilege escalation. The vulnerability exists due to an improper input validation flaw in an unknown code block of the component mod_session in the way it handles HTTP session headers in some configurations. A remote attacker could influence the...
Privilege Escalation
Apache HTTP Server is vulnerable to privilege escalation. This is because, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. An attacker could replay the HTTP requests across servers without...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote user can send specially crafted HTTP/2 requests to cause worker processes to be allocated for 60 seconds longer than required, consuming excessive worker resources, causing worker exhaustion and an application crash...
Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. CVE-2016-1000031 - An...
Security Bulletin: Multiple Vulnerabilities in IBM HTTP Server bundled with IBM WebSphere Application Server Patterns (CVE-2019-0211 CVE-2019-0220)
Summary: IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details: Please consult the following security bulletin for vulnerability...
[SECURITY] Fedora 28 Update: httpd-2.4.39-1.1.fc28
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Node.js third-party modules: [larvitbase-www] Unintended Require
I would like to report an Unintended Require vulnerability in larvitbase-www. It is similar to the bug found here 566056 because the module is maintained by the same developer, but it is a different module and the code behind the vulnerability is different. It allows loading arbitrary non-production code ...
EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the...
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...
CVE-2018-4028
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1_SW_V1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POS...
CVE-2018-4018
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1_SW_V1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
Design/Logic Flaw
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1_SW_V1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
Cross site request forgery (csrf)
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1_SW_V1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POS...
CVE-2018-4028
The CVE-2018-4028 issue affects the NT9665X chipset firmware in the Anker Roav A1 Dashcam (RoavA1_SW_V1.9). A vulnerability in the HTTP server could allow an attacker to overwrite the root directory via an HTTP POST, causing a denial of service. Talos details describe a firmware-update vulnerabil...
CVE-2018-4018
CVE-2018-4018 affects the NT9665X Chipset firmware used in the Anker Roav A1 Dashcam (version RoavA1_SW_V1.9). The vulnerability arises from the HTTP server that handles firmware updates, allowing an attacker to upload arbitrary firmware binaries via HTTP PUT or upgrade requests, which are flashe...
Novatek NT9665X HFS Overwrite denial-of-service vulnerability
Summary: An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1_SW_V1.9.” The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send a...