
F5 Networks
added 2023/02/14 3:21 a.m., 44 views

K000132525: Apache vulnerability CVE-2006-20001

Security Advisory Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-2000...

CVSS 7.5 | AI score 7.4 | EPSS 0.00547
Exploits: 0
Tenable Nessus
added 2023/02/10 12:00 a.m., 22 views

Apache HTTP Server SEoL (1.4.x <= x <= 2.0.x)

According to its version, Apache HTTP Server is between 1.4.x and 2.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

AI score 5.5
Exploits: 0 | References: 1
Github Security Blog
added 2023/02/08 9:33 p.m., 55 views

TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

CVSS 8.8 | AI score 5.9 | EPSS 0.00867
Exploits: 1 | References: 10 | Affected software: 2
OSV
added 2023/02/08 9:33 p.m., 45 views

GHSA-R4F8-F93X-5QH3 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

CVSS 8.8 | AI score 7 | EPSS 0.00867
Exploits: 1 | References: 10
UbuntuCve
added 2023/02/07 7:15 p.m., 33 views

CVE-2023-24814

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...

CVSS 8.8 | AI score 6.7 | EPSS 0.00867
Exploits: 1 | References: 8
Cvelist
added 2023/02/07 6:14 p.m., 13 views

CVE-2023-24814 Persisted Cross-Site Scripting in Frontend Rendering in typo3

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...

CVSS 8.8 | AI score 8.4 | EPSS 0.00867
Exploits: 1 | References: 7
Mageia
added 2023/02/07 12:06 a.m., 97 views

Updated apache packages fix security vulnerability

CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers ha...

CVSS 9 | AI score 7.5 | EPSS 0.00547
Exploits: 0 | References: 2
Tenable Nessus
added 2023/02/07 12:00 a.m., 41 views

TYPO3 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0 XSS (TYPO3-CORE-SA-2023-001)

The version of TYPO3 installed on the remote host is prior to 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-001 advisory. - TYPO3 core component...

CVSS 8.8 | AI score 7 | EPSS 0.00867
Exploits: 1 | References: 2
Oracle Linux
added 2023/02/07 12:00 a.m., 26 views

git security update

2.31.1-3 - Fixes CVE-2022-23521 and CVE-2022-41903 - Tests: try harder to find open ports for apache, git, and svn - Resolves: 2162069...

CVSS 9.8 | AI score 0.7 | EPSS 0.17802
Exploits: 0
CNVD
added 2023/02/06 12:00 a.m., 33 views

Apache InLong Deserialization Vulnerability (CNVD-2023-25934)

Apache InLong is the Apache Software Foundation's one-stop massive data integration framework. Apache InLong suffers from a deserialization vulnerability that can be exploited by a remote attacker to submit a special request and execute arbitrary code in the application context...

CVSS 9.8 | AI score 9.6 | EPSS 0.01241
Exploits: 0 | References: 1
OSV
added 2023/02/04 9:15 p.m., 9 views

CVE-2023-22849

An improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App C...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 1
BDU FSTEC
added 2023/02/03 12:00 a.m., 2 views

A vulnerability in the iotdb-web-workbench component of the Apache IoTDB IoT database allows an attacker to escalate their privileges.

The vulnerability in the iotdb-web-workbench component of the Apache IoTDB IoT database solution is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to escalate their privileges remotely...

CVSS 7.5 | AI score 7.5 | EPSS 0.00585
Exploits: 0 | References: 2 | Affected software: 1
OSV
added 2023/02/02 1:34 p.m., 3 views

USN-5839-2 apache2 vulnerability

USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later...

CVSS 5.3 | AI score 6.8 | EPSS 0.00539
Exploits: 0 | References: 2
Microsoft CVE
added 2023/02/02 8:00 a.m., 3 views

Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

...

CVSS 5.3 | AI score 7.3 | EPSS 0.00539
Exploits: 0
OSV
added 2023/02/01 3:30 p.m., 19 views

GHSA-22J4-QC48-J8F8 Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it...

CVSS 9.8 | AI score 9.4 | EPSS 0.01241
Exploits: 0 | References: 4
CVE
added 2023/02/01 2:49 p.m., 83 views

CVE-2023-24997

CVE-2023-24997 describes a Deserialization of Untrusted Data vulnerability in Apache InLong, affecting versions 1.1.0 through 1.5.0. The issue arises from insecure deserialization within InLong’s runtime, enabling arbitrary code execution in the application context. The publicly stated remediatio...

CVSS 9.8 | AI score 9.5 | EPSS 0.01241
Exploits: 0 | References: 1 | Affected software: 1
NVD
added 2023/02/01 10:15 a.m., 16 views

CVE-2023-24977

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214...

CVSS 7.5 | AI score 7.5 | EPSS 0.00894
Exploits: 0 | References: 1
Prion
added 2023/01/31 4:15 p.m., 22 views

Integer overflow

Integer Overflow or Wraparound vulnerability in the apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions...

CVSS 6.4 | AI score 6.5 | EPSS 0.00059
Exploits: 0 | References: 1 | Affected software: 1
CVE
added 2023/01/31 3:55 p.m., 130 views

CVE-2022-28331

CVE-2022-28331 affects Apache Portable Runtime (APR) 1.7.0 and earlier on Windows, with a write beyond the end of a stack-based buffer in apr_socket_sendv() caused by integer overflow. The vulnerability can lead to arbitrary code execution or a crash and has a CVSS v3.1 base score of 9.8 (CRITICA...

CVSS 9.8 | AI score 9.5 | EPSS 0.00303
Exploits: 0 | References: 1 | Affected software: 1
OpenVAS
added 2023/01/31 12:00 a.m., 36 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1260)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.7 | EPSS 0.94432
Exploits: 10 | References: 4