Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail Branch Server

Description: This update fixes the following issues: mgr-daemon: Version 4.3.12-0: Updated translation strings proxy-helm: Version 4.3.17: Chart rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-httpd-image: Version 4.3.18: Image rebuilt to the newest version...

CVE-2025-8060 Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow

A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack ca...

Tenda AC23 安全漏洞

Tenda AC23 is a high performance wireless router from Tenda Technology. A buffer overflow vulnerability exists in Tenda AC23 version 16.03.07.52, which originates from the mishandling of the deviceList parameter in the sub46C940 function in the httpd component/goform/setMacFilterCfg file. An...

Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2025-204-01)

The version of httpd installed on the remote host is prior to 2.4.65. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-204-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

K000152669: Apache HTTPD vulnerability CVE-2025-23048

Security Advisory Description In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each...

CVE-2025-8017

CVE-2025-8017 affects Tenda AC7 (version 15.03.06.44) in the httpd component. The vulnerability is a stack-based overflow in the function formSetMacFilterCfg within /goform/setMacFilterCfg, triggered by manipulating the deviceList input. Exploitation can be performed remotely, and public exploits...

CVE-2025-7914 Tenda AC6 httpd setparentcontrolinfo buffer overflow

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely...

AUO DIR-605L Buffer Overflow Vulnerability

The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the failure of Language, a parameter of the function sub410DDC in the file switchlanguage.cgi in the httpd component,...

Azure Linux 3.0 Security Update: httpd (CVE-2025-49630)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49630 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 throug...

Azure Linux 3.0 Security Update: httpd (CVE-2024-43204)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43204 advisory. - SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL...

Azure Linux 3.0 Security Update: httpd (CVE-2025-23048)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23048 advisory. - In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by...

Azure Linux 3.0 Security Update: httpd (CVE-2024-42516)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42516 advisory. - HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the...

CBL Mariner 2.0 Security Update: httpd (CVE-2025-49812)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49812 advisory. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation...

CBL Mariner 2.0 Security Update: httpd (CVE-2024-43204)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43204 advisory. - SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL...

CBL Mariner 2.0 Security Update: httpd (CVE-2025-23048)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23048 advisory. - In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by...

CBL Mariner 2.0 Security Update: httpd (CVE-2025-53020)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53020 advisory. - Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apach...

Azure Linux 3.0 Security Update: httpd (CVE-2025-49812)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49812 advisory. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation...

CBL Mariner 2.0 Security Update: httpd (CVE-2024-47252)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47252 advisory. - Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an...

CBL Mariner 2.0 Security Update: httpd (CVE-2024-42516)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42516 advisory. - HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the...

Azure Linux 3.0 Security Update: httpd (CVE-2025-53020)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53020 advisory. - Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apach...