Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3322 matches found

OSV
OSVadded 2022/06/09 5:15 p.m.39 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS9.2AI score
Exploits0References6
OSV
OSVadded 2022/06/09 5:15 p.m.2 views

DEBIAN-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS8AI score0.05678EPSS
Exploits0References1
NVD
NVDadded 2022/06/09 5:15 p.m.33 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS0.05678EPSS
Exploits0References6
NVD
NVDadded 2022/06/09 5:15 p.m.25 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1CVSS0.05729EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2022/06/09 5:15 p.m.1 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS7.1AI score0.05678EPSS
Exploits0References9
OSV
OSVadded 2022/06/09 5:15 p.m.1 views

ALPINE-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS6.8AI score0.05678EPSS
Exploits0References1
OSV
OSVadded 2022/06/09 5:15 p.m.2 views

ALPINE-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1CVSS6.8AI score0.05729EPSS
Exploits0References1
OSV
OSVadded 2022/06/09 5:15 p.m.1 views

UBUNTU-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1CVSS7.2AI score0.05729EPSS
Exploits0References7
Prion
Prionadded 2022/06/09 5:15 p.m.33 views

Out-of-bounds

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

6.4CVSS9.1AI score0.05729EPSS
Exploits0References6Affected Software2
Prion
Prionadded 2022/06/09 5:15 p.m.31 views

Design/Logic Flaw

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

5CVSS8.1AI score0.05678EPSS
Exploits0References6Affected Software2
OSV
OSVadded 2022/06/09 5:15 p.m.0 views

UBUNTU-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS7.1AI score0.05678EPSS
Exploits0References7
Tenable Nessus
Tenable Nessusadded 2022/06/09 12:0 a.m.51 views

Apache APISIX < 2.13.0 Input Validation

The version of Apache APISIX installed on the remote host is prior to 2.13.0. It is, therefore, potentially affected by an input validation vulnerability. When decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, t...

9.8CVSS8.4AI score0.02384EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2022/06/09 12:0 a.m.58 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1CVSS7.2AI score0.05729EPSS
Exploits0References6
UbuntuCve
UbuntuCveadded 2022/06/09 12:0 a.m.66 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS7.1AI score0.05678EPSS
Exploits0References6
Hacker One
Hacker Oneadded 2022/06/08 11:34 p.m.63 views

Internet Bug Bounty: Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]

Greetings. I have found that aprwrite /server/protocol.c can cause a read beyond bounds with the extra data sent to an attacker. The bug is that aprwrite passes its |int nbyte| argument to bufferoutput, where bufferoutput's corresponding |len| argument isa |aprsizet|. Thus, a negative |nbyte| val...

5CVSS7.5AI score0.04428EPSS
Exploits0
Hacker One
Hacker Oneadded 2022/06/08 11:2 p.m.110 views

Internet Bug Bounty: Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]

Greetings. I have found a read-beyond-bounds bug in luawebsocketreadbytes that permits an attacker to exfiltrate a controllable amount of heap data if the victim site runs a suitable LUA program. The bug is due to misuse of apgetbrigade and aprbucketread. The following code from v2.4.53 assumes...

5CVSS8.7AI score0.04687EPSS
Exploits0
Debian CVE
Debian CVEadded 2022/06/08 10:0 a.m.60 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS8AI score0.05678EPSS
Exploits0
AlpineLinux
AlpineLinuxadded 2022/06/08 10:0 a.m.43 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

7.5CVSS8.7AI score0.05678EPSS
Exploits0
CVE
CVEadded 2022/06/08 10:0 a.m.1674 views

CVE-2022-29404

CVE-2022-29404 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability lies in the mod_lua code path: a malicious request to a Lua script calling r:parsebody(0) can cause a denial of service due to no default input size limit. Impact is DoS (availability) with network exposure; no data c...

7.5CVSS8.5AI score0.05678EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVEadded 2022/06/08 10:0 a.m.56 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1CVSS8.2AI score0.05729EPSS
Exploits0
Rows per page
Query Builder