5758 matches found
CVE-2024-45416
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation i...
CVE-2024-45415
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...
CVE-2024-45414
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...
CVE-2024-45415
The CVE-2024-45415 issue affects multiple ZTE routers running HTTPD. A stack-based buffer overflow in check_data_integrity, which validates the checksum of POST data, allows an unauthenticated attacker to achieve root RCE by triggering improper handling of the decrypted, unchecked checksum on the...
CVE-2024-45416
CVE-2024-45416 affects the HTTPD binary in multiple ZTE routers. A local file inclusion flaw exists in session_init: session files stored in /var/lua_session are enumerated and executed via dofile without validating whether each file is a valid session file. An attacker able to place a malicious ...
CVE-2024-45413
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...
CVE-2024-45413
The CVE-2024-45413 issue affects the HTTPD binary in multiple ZTE routers. A stack-based buffer overflow in rsa_decrypt, an API wrapper for LUA used to decrypt RSA ciphertext, stores decrypted data on the stack without length checks. This allows an authenticated attacker to achieve remote code ex...
RHSA-2014:0783 Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 httpd security and bug fix update
Bulletin has no description...
RHSA-2014:0826 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2 httpd security update
Bulletin has no description...
RHSA-2014:0370 Red Hat Security Advisory: httpd security update
Bulletin has no description...
RHSA-2014:0369 Red Hat Security Advisory: httpd security update
Bulletin has no description...
RHSA-2013:1156 Red Hat Security Advisory: httpd security update
Bulletin has no description...
RHSA-2013:1133 Red Hat Security Advisory: httpd security update
Bulletin has no description...
RHSA-2013:0815 Red Hat Security Advisory: httpd security update
Bulletin has no description...
RHSA-2013:0130 Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2013:0512 Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2012:0323 Red Hat Security Advisory: httpd security update
Bulletin has no description...
RHSA-2012:0128 Red Hat Security Advisory: httpd security update
Bulletin has no description...