32 matches found
OESA-2026-2220 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...
Astra Linux - vulnerability in apache2
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Flask (SUSE-SU-2026:0849-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0849-1 advisory. This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to...
PT-2026-22757
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session-ncp hdr buf in pilot parsing ncp causes a denial of service...
CVE-2026-27205 Flask session does not add `Vary: Cookie` header when accessed in some ways
Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header; in some cases it does not, resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
PT-2024-23122
Name of the Vulnerable Software and Affected Versions: AuthKit library for Next.js versions prior to 0.4.2. Description: The issue allows a user to reuse an expired session by controlling the x-workos-session header. This can be exploited to bypass session expiration. Recommendations: For versions...
SUSE CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its...
SUSE CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
httpd: mod_session: Heap overflow via a crafted SessionHeader value
A heap overflow flaw was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability...
httpd: mod_session: Heap overflow via a crafted SessionHeader value
A heap overflow flaw was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability...
OESA-2021-1246 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691). Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_htt...
USN-4994-2 apache2 vulnerabilities
USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker coul...
DEBIAN-CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
ALPINE-CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
AZL-6477 CVE-2021-26691 affecting package httpd for versions less than 2.4.46-10
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
UBUNTU-CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
Apache HTTP Server security vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. A denial-of-service vulnerability exists in Apache HTTP Server, which results from a crash caused by a NULL pointer dereference. An attacker could exploit this...
httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)
The remote host is missing an update for the Huawei EulerOS...
httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...