
5772 matches found

SUSE CVE
added 2023/02/15 5:19 a.m. · 3 views

SUSE CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name...

CVSS 5 · AI score 7 · EPSS 0.10607
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 4:59 a.m. · 3 views

SUSE CVE-2016-6312

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...

CVSS 6.5 · AI score 7.5 · EPSS 0.02157
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:52 a.m. · 2 views

SUSE CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port...

CVSS 3.7 · AI score 9.5 · EPSS 0.19953
Exploits 0 · References 9
SUSE CVE
added 2023/02/15 4:47 a.m. · 5 views

SUSE CVE-2017-7679

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header...

CVSS 6.5 · AI score 9.7 · EPSS 0.39341
Exploits 3 · References 10
SUSE CVE
added 2023/02/15 4:44 a.m. · 7 views

SUSE CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

CVSS 5.9 · AI score 9.6 · EPSS 0.94999
Exploits 9 · References 13
SUSE CVE
added 2023/02/15 4:38 a.m. · 1 views

SUSE CVE-2017-15710

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...

CVSS 5.3 · AI score 9 · EPSS 0.18197
Exploits 0 · References 9
SUSE CVE
added 2023/02/15 4:34 a.m. · 3 views

SUSE CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its...

CVSS 7.5 · AI score 8.7 · EPSS 0.10118
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 4:27 a.m. · 3 views

SUSE CVE-2018-11759

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

CVSS 7.5 · AI score 8.8 · EPSS 0.90647
Exploits 0 · References 9
SUSE CVE
added 2023/02/15 4:13 a.m. · 3 views

SUSE CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

CVSS 5.3 · AI score 7.7 · EPSS 0.03121
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 3:53 a.m. · 2 views

SUSE CVE-2020-25623

Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used...

CVSS 7.5 · AI score 6.8 · EPSS 0.03113
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:44 a.m. · 3 views

SUSE CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

CVSS 4.3 · AI score 7 · EPSS 0.02696
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 3:37 a.m. · 3 views

SUSE CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

CVSS 7.5 · AI score 9 · EPSS 0.24982
Exploits 0 · References 3
BDU FSTEC
added 2023/02/15 12:0 a.m. · 3 views

The vulnerability in the strcmp() function of the httpd daemon of the router firmware for TP-Link Archer C5 version 2 and TP-Link WR710N version 1 allows an attacker to gain unauthorized access to protected information.

The vulnerability of the strcmp function in the httpd daemon of TP-Link Archer C5 version 2 and TP-Link WR710N version 1 is related to the creation of a secondary synchronization channel due to time differences. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

CVSS 6.4 · AI score 7.5 · EPSS 0.00709
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2023/02/15 12:0 a.m. · 2 views

The vulnerability in the httpd daemon of TP-Link Archer C5 version 2 and TP-Link WR710N version 1 allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the httpd daemon in the router firmware of TP-Link Archer C5 version 2 and TP-Link WR710N version 1 is related to buffer overflows during packet processing. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service...

CVSS 9 · AI score 8.7 · EPSS 0.01781
Exploits 0 · References 4 · Affected Software 2
CBLMariner
added 2023/02/14 8:36 p.m. · 16 views

CVE-2022-37436 affecting package httpd for versions less than 2.4.55-1

CVE-2022-37436 affecting package httpd for versions less than 2.4.55-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.3 · AI score 7.8 · EPSS 0.57941
Exploits 0
CBLMariner
added 2023/02/14 8:36 p.m. · 23 views

CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1

CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1. An upgraded version of the package is available that resolves this issue...

CVSS 9 · AI score 9.5 · EPSS 0.01879
Exploits 0
CBLMariner
added 2023/02/14 2:35 a.m. · 28 views

CVE-2022-36760 affecting package httpd 2.4.54-1

CVE-2022-36760 affecting package httpd 2.4.54-1. An upgraded version of the package is available that resolves this issue...

CVSS 9 · AI score 9.8 · EPSS 0.01879
Exploits 0
CBLMariner
added 2023/02/14 2:35 a.m. · 17 views

CVE-2022-37436 affecting package httpd 2.4.54-1

CVE-2022-37436 affecting package httpd 2.4.54-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.3 · AI score 9.8 · EPSS 0.57941
Exploits 0
Cvelist
added 2023/02/11 5:0 p.m. · 17 views

CVE-2023-0782 Tenda AC23 httpd formGetSysToolDDNS out-of-bounds write

A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed t...

CVSS 8.3 · AI score 9.7 · EPSS 0.01473
Exploits 1 · References 3
Positive Technologies
added 2023/02/11 12:0 a.m. · 3 views

PT-2023-7624 · Tenda · Tenda Ac23

Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45
Description: The issue is related to a stack-based buffer overflow in the formSetSysToolDDNS/formGetSysToolDDNS function of the /bin/httpd file. This can be exploited by a remote attacker to cause a denial of...

CVSS 10 · AI score 7.3 · EPSS 0.01473
Exploits 1 · References 7