CVE-2026-8175 Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to caus...

ALSA-2026:21391 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

IBM Aspera High-Speed Transfer Endpoint和IBM Aspera High-Speed Transfer Server 安全漏洞

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server are products of American International Business Machines Corporation IBM. The IBM Aspera High-Speed Transfer Endpoint is a high-speed file transfer and data exchange node service. The IBM Aspera High-Speed Transfer...

Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

Fedora 43 : httpd (2026-0c87f546f8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0c87f546f8 advisory. - new version 2.4.67 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

VulnCheck KEV: CVE-2017-7577

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request...

httpd: Fix of 5 CVEs

CVE-2026-28780: modproxyajp 4-byte heap buffer overflow when contacting a malicious AJP backend off-by-AJPHEADERLEN check in ajpmsgcheckheader - CVE-2026-34059: modproxyajp heap over-read in ajpparsedata on short AJP replies - CVE-2026-33006: modauthdigest used non-constant-time strcmp for...

F5 Networks BIG-IP : BIG-IP httpd access control vulnerability (K000156604)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156604 advisory. When configured, IP-based access restrictions forhttpddo not cover all endpoints, which may allow...

Astra Linux - уязвимость в subversion

Apache Subversion SVN’s “authz” feature prevents the display of “copyfrom” paths that should be hidden according to configured path-based authorization rules. When a node is copied from a protected location, users with access to the copy can see the “copyfrom” path of the original node. This also...

CVE-2026-33007 affecting package httpd for versions less than 2.4.67-1

CVE-2026-33007 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-34032 affecting package httpd for versions less than 2.4.67-1

CVE-2026-34032 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-34059 affecting package httpd for versions less than 2.4.67-1

CVE-2026-34059 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-33857 affecting package httpd for versions less than 2.4.67-1

CVE-2026-33857 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-24072 affecting package httpd for versions less than 2.4.67-1

CVE-2026-24072 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-29169 affecting package httpd for versions less than 2.4.67-1

CVE-2026-29169 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-33006 affecting package httpd for versions less than 2.4.67-1

CVE-2026-33006 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-23918 affecting package httpd for versions less than 2.4.67-1

CVE-2026-23918 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-29168 affecting package httpd for versions less than 2.4.67-1

CVE-2026-29168 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CLSA-2026-1779129849 httpd: Fix of CVE-2026-28780

CVE-2026-28780: modproxyajp: heap-based buffer overflow in ajpmsgcheckheader — message size check did not subtract AJPHEADERLEN, letting a crafted AJP reply write 4 bytes past the end of the heap buffer...

CLSA-2026-1779091399 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...