1615 matches found
NextChat - Server-Side Request Forgery
NextChat v2.12.3 suffers from a Server-Side Request Forgery SSRF and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint. id: CVE-2024-38514 info: name: NextChat - Server-Side Request Forgery author: DhiyaneshDk severity: high description...
AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldavpublicuser@localhost” and it’s the predefined password “caldavpublicuser” allows the attacker to read all fil...
[SECURITY] Fedora 44 Update: nextcloud-33.0.6-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
GHSA-3WHC-QVHV-XQJP goshs: WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags
WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags Ecosystem: Go Package: goshs.de/goshs/v2 github.com/patrickhener/goshs Affected: /tmp/r/x.txt goshs -p 18000 -wp 18001 -w -ro -d /tmp/r -b admin:pw & curl -u admin:pw -X PUT http://localhost:18000/y.txt --data x 403 HT...
httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue
A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...
PT-2026-54775
Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description When the WebDAV listener is enabled using the -w flag, the software fails to enforce mode-restriction flags on the WebDAV port. While the primary HTTP port correctly respects the --read-only,...
SUSE-SU-2026:2675-1 Security update for tomcat
This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...
Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)
The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...
SUSE-SU-2026:22195-1 Security update for tomcat
This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...
SUSE-SU-2026:22197-1 Security update for tomcat10
This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....
OPENSUSE-SU-2026:21121-1 Security update for tomcat11
This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....
USN-8450-1: Tomcat vulnerabilities
It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validat...
[SECURITY] Fedora 44 Update: nextcloud-33.0.5-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 43 Update: nextcloud-33.0.5-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
Windows Server 2003 & IIS 6.0 - Remote Code Execution
Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If http://" in a PROPFIND...
SUSE SLES15 Security Update : tomcat10 (SUSE-SU-2026:2377-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2377-1 advisory. This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...
SUSE SLES15 Security Update : tomcat11 (SUSE-SU-2026:2374-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2374-1 advisory. This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...
WsgiDAV encoded dot segments can escape filesystem share roots
Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...
GHSA-WXQ4-CC2Q-338Q WsgiDAV encoded dot segments can escape filesystem share roots
Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...
Security update for tomcat10
This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...