
208 matches found

Positive Technologies
added 2024/07/31 12:0 a.m. · 3 views

PT-2024-29659 · Unknown · Pheonix App

Name of the Vulnerable Software and Affected Versions: Pheonix App versions prior to 0.2.4 Pheonix App versions prior to 0.2.5 Description: The issue is related to the map of encoding/decoding languages being visible in the code, which can have a moderate impact, particularly for users who want t...

CVSS 5.3 · AI score 6.4 · EPSS 0.0017
Exploits: 0 · References: 6

Tenable Nessus
added 2024/07/25 12:0 a.m. · 44 views

Amazon Linux AMI : httpd24 (ALAS-2024-1944)

The version of httpd24 installed on the remote host is prior to 2.4.61-1.103. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1944 advisory. Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts...

CVSS 9.8 · AI score 8.1 · EPSS 0.99957
Exploits: 1 · References: 10

RedHat Linux
added 2024/07/23 1:24 p.m. · 5 views

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVSS 9.8 · AI score 7.1 · EPSS 0.02456
Exploits: 0 · References: 5

Tenable Nessus
added 2024/07/23 12:0 a.m. · 53 views

Oracle Linux 9 : httpd (ELSA-2024-4726)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4726 advisory. - Resolves: RHEL-45792 - httpd: Encoding problem in mod_proxy CVE-2024-38473 - Resolves: RHEL-45766 - httpd: null pointer dereference in mod_proxy...

CVSS 9.8 · AI score 7.6 · EPSS 0.99957
Exploits: 2 · References: 6

Amazon
added 2024/07/22 12:0 a.m. · 71 views

Important: httpd

Issue Overview: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 9.8 · AI score 7 · EPSS 0.99957
Exploits: 2

OSV
added 2024/07/19 11:8 a.m. · 2 views

OESA-2024-1853 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or...

CVSS 9.8 · AI score 7 · EPSS 0.03153
Exploits: 0 · References: 3

Microsoft CVE
added 2024/07/19 12:0 a.m. · 7 views

CVE-2024-38473

...

CVSS 8.1 · AI score 6.7 · EPSS 0.25878
Exploits: 1

OpenVAS
added 2024/07/10 12:0 a.m. · 46 views

Mageia: Security Advisory (MGASA-2024-0258)

The remote host is missing an update for the ...

CVSS 9.8 · AI score 8.2 · EPSS 0.99957
Exploits: 2 · References: 13

OSV
added 2024/07/01 7:15 p.m. · 2 views

AZL-43065 CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 8.1 · AI score 6.5 · EPSS 0.25878
Exploits: 1 · References: 1

OSV
added 2024/07/01 7:15 p.m. · 4 views

UBUNTU-CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 8.1 · AI score 6.6 · EPSS 0.25878
Exploits: 1 · References: 6

Debian CVE
added 2024/07/01 6:14 p.m. · 109 views

CVE-2024-38474

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...

CVSS 9.8 · AI score 8.2 · EPSS 0.02456
Exploits: 0

Github Security Blog
added 2024/06/05 2:19 p.m. · 5 views

Cross-Site Scripting in TYPO3 Backend

Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability...

AI score 7
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/04/01 12:0 a.m. · 8 views

PT-2024-6069

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: The issue is related to an encoding problem in the mod_proxy component of the Apache HTTP Server, which can allow an attacker to send request URLs with incorrect encoding to backend...

CVSS 9.8 · AI score 8.1 · EPSS 0.6795
Exploits: 2 · References: 142

Positive Technologies
added 2024/03/18 12:0 a.m. · 8 views

PT-2024-21239 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through the "/amssplus/modules/book/main/bookdetail khet person.php" API endpoint,...

CVSS 7.1 · AI score 5.8 · EPSS 0.00403
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/11 12:0 a.m. · 4 views

PT-2024-22122 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 7.89, 7.93 Description: The issue is related to Cross-Site Scripting (XSS) due to insufficient encoding of user-controlled inputs in applications based on SAP GUI for HTML. This allows a malicious attacker to...

CVSS 6.1 · AI score 6.2 · EPSS 0.00474
Exploits: 0 · References: 5

Vulnrichment
added 2024/01/26 10:17 a.m. · 8 views

CVE-2024-23893 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this...

CVSS 8.2 · AI score 7.1 · EPSS 0.00437
Exploits: 0 · References: 1

Positive Technologies
added 2024/01/01 12:0 a.m. · 3 views

PT-2024-40553 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions...

AI score 7
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/30 12:0 a.m. · 3 views

PT-2023-32659 · Unknown · Bigprof Online Invoicing System

Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/invoicing/app/clients view.php"...

CVSS 6.3 · AI score 5.2 · EPSS 0.00388
Exploits: 0 · References: 4

OSV
added 2023/11/24 12:15 a.m. · 1 views

CVE-2023-26279

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160...

CVSS 7.8 · AI score 5.8 · EPSS 0.00217
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/02 12:0 a.m. · 10 views

PT-2024-5217 · Libvpx +7 · Libvpx +7

Name of the Vulnerable Software and Affected Versions: libvpx versions prior to 1.13.1 Description: A heap overflow issue exists in libvpx when encoding a frame with larger dimensions than the originally configured size using VP9, potentially resulting in a heap overflow. Recommendations: For...

CVSS 10 · AI score 6.6 · EPSS 0.34401
Exploits: 5 · References: 74