5772 matches found
CVE-2021-34983
NETGEAR multiple routers are affected by a pre-authentication httpd limitation that allows network-adjacent attackers to disclose sensitive information and potentially stored credentials. Root cause: lack of authentication before access to system configuration via the httpd service (port 80). The...
CVE-2021-34983 NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit...
CVE-2021-34982
The CVE-2021-34982 entry describes a pre-auth, remote code execution vulnerability in the httpd service of NETGEAR routers. The flaw is a stack-based buffer overflow caused by unchecked length of user-supplied data in the strings file, leading to code execution with root privileges when a network...
CVE-2021-34982 NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The...
httpd: CONTINUATION frames DoS
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...
CVE-2024-24795 affecting package httpd for versions less than 2.4.59-1
CVE-2024-24795 affecting package httpd for versions less than 2.4.59-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1
CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-38709 affecting package httpd for versions less than 2.4.59-1
CVE-2023-38709 affecting package httpd for versions less than 2.4.59-1. An upgraded version of the package is available that resolves this issue...
httpd:2.4/mod_http2 security update
An update is available for httpd, modmd, modhttp2, module.modmd, module.modhttp2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...
RLSA-2024:1786 Important: httpd:2.4/mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modhttp2: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
CVE-2023-50224
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...
CVE-2023-50224
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...
CVE-2023-50210
D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this...
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-44447
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. Th...
CVE-2023-44447
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. Th...
CVE-2023-50224 TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...
CVE-2023-50224 TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...
CVE-2023-50224
CVE-2023-50224 affects TP-Link TL-WR841N (and related models such as Archer C7 variants). The vulnerability resides in the httpd service listening on port 80 and allows an authentication bypass, enabling network-adjacent attackers to disclose stored credentials (notably in /tmp/dropbear/dropbearp...