315 matches found
httpd: NULL pointer dereference via specially crafted request
A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...
nginx:1.26 security update
1.26.3-9.0.1 - Require oracle-indexhtml 2:1.26.3-9 - Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 2:1.26.3-8 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-7 -...
httpd: NULL pointer dereference via specially crafted request
A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...
ROS-20260622-73-0041
The vulnerability of the ngxhttpdavmodule module in NGINX Plus and NGINX Open Source servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...
PT-2026-48813
Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...
CVE-2026-42535
A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
CVE-2026-42535
A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
CVE-2026-42535
CVE-2026-42535 affects Apache httpd’s mod_dav_fs in versions 2.4.67 and earlier. A path handling issue lets a WebDAV content author directly manipulate trusted DAV property databases, with the practical impact described as potential child process crashes. The recommended remediation is upgrading ...
USN-8396-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. CVE-2026-24072 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP...
USN-8396-1 apache2 vulnerabilities
It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. CVE-2026-24072 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-8375-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8375-1 advisory. It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SM...
CVE-2026-45691
A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...
CVE-2026-45691
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...
CVE-2026-45691
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...
CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...
CVE-2026-45691
Summary: CVE-2026-45691 affects Nextcloud Server prior to 32.0.9 and 33.0.3, where a pre-2FA session cookie created after password auth but before TOTP could be reused as a Bearer token to access DAV endpoints, bypassing mandatory two-factor authentication and granting read/write access. Impact: ...
CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...
CVE-2026-45283 Nextcloud: Files Lock app allows users to lock and unlock files of other users
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...
Nextcloud Server 授权问题漏洞
NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the possibility that the session cookie, which...
PT-2026-45535
Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 32.0.0 through 32.0.8 Nextcloud Server versions 33.0.0 through 33.0.2 Nextcloud Enterprise Server versions prior to 29.0.16.16 Nextcloud Enterprise Server versions prior to 30.0.17.9 Nextcloud Enterprise Server versio...