
2629 matches found

Rockylinux
added 2025/12/24 9:9 a.m., 4 views

httpd security update

An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

CVSS 8.3, AI score 6.7, EPSS 0.00145
Exploits 0
Rockylinux
added 2025/12/22 9:2 a.m., 6 views

httpd:2.4 security update

An update is available for module.mod_http2, module.mod_md, mod_md, httpd, mod_http2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd package...

CVSS 8.3, AI score 6.7, EPSS 0.00145
Exploits 0
RedHat Linux
added 2025/12/22 1:35 a.m., 1 view

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5, AI score 5.7, EPSS 0.00044
Exploits 1, References 8
Tenable Nessus
added 2025/12/22 12:0 a.m., 1 view

RHEL 8 : httpd:2.4 (RHSA-2025:23732)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23732 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP...

CVSS 8.3, AI score 5.7, EPSS 0.00145
Exploits 0, References 10
RedhatCVE
added 2025/12/17 2:44 p.m., 2 views

CVE-2025-43529

A flaw was found in webkitgtk: when processing maliciously crafted web content, a use-after-free weakness may be triggered, leading to remote code execution on the client machine. Mitigation: To mitigate this issue, avoid processing untrusted web content. Additionally, disabling t...

CVSS 8.8, AI score 7.7, EPSS 0.00168
Exploits 8, References 4
RedhatCVE
added 2025/12/15 11:33 p.m., 3 views

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable...

CVSS 8.1, AI score 6.9, EPSS 0.00014
Exploits 0, References 1
EUVD
added 2025/12/15 12:30 a.m., 2 views

EUVD-2025-203315

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable...

CVSS 8.1, AI score 6.4, EPSS 0.00014
Exploits 0, References 2
NVD
added 2025/12/14 11:15 p.m., 3 views

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable...

CVSS 8.1, EPSS 0.00014
Exploits 0, References 1
Vulnrichment
added 2025/12/14 10:48 p.m., 1 view

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable...

CVSS 8.1, AI score 6.5, EPSS 0.00014
Exploits 0, References 1
CVE
added 2025/12/14 10:48 p.m., 6 views

CVE-2025-67900

NXLog Agent before 6.11 is affected by a vulnerability where the process can load a file specified by the OPENSSL_CONF environment variable. This allows manipulation of the OpenSSL configuration, with potential impact on cryptographic operations. Affected product: NXLog Agent; vulnerable version(...

CVSS 8.1, AI score 6.5, EPSS 0.00014
Exploits 0, References 1
Cvelist
added 2025/12/14 10:48 p.m., 12 views

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable...

CVSS 8.1, EPSS 0.00014
Exploits 0, References 1
CNNVD
added 2025/12/14 12:0 a.m., 1 view

NXLog Agent security vulnerability

NXLog Agent is a log management software from NXLog USA. A security vulnerability exists in NXLog Agent versions prior to 6.11, which originates from the loading of a file specified by the OPENSSL_CONF environment variable...

CVSS 8.1, AI score 6.6, EPSS 0.00014
Exploits 0, References 2
Positive Technologies
added 2025/12/14 12:0 a.m., 2 views

PT-2025-51178

Name of the Vulnerable Software and Affected Versions: NXLog Agent versions prior to 6.11. Description: NXLog Agent versions before 6.11 are susceptible to a local issue that allows attackers to manipulate the OpenSSL configuration. The issue involves the loading of a file specified by the OPENSSL...

CVSS 8.1, AI score 6.1, EPSS 0.00014
Exploits 0, References 3
Veracode
added 2025/12/13 4:8 a.m., 16 views

Command Injection

sqls-server/sqls is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the EDITOR environment variable and config file path in the openEditor function, which allows an attacker to execute arbitrary commands through crafted input passed to sh -c...

CVSS 7.5, AI score 6.1, EPSS 0.00581
Exploits 0, References 5, Affected Software 1
Tenable Nessus
added 2025/12/09 12:0 a.m., 8 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1294)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1294 advisory. If the value passed to os.path.expandvars is user-controlled, a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...

CVSS 5.5, AI score 6.2, EPSS 0.00021
Exploits 0, References 4
Mageia
added 2025/12/08 6:36 p.m., 13 views

Updated apache packages fix security vulnerabilities

Apache HTTP Server: mod_md (ACME), unintended retry intervals. CVE-2025-55753 Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. CVE-2025-58098 Apache HTTP Server: CGI environment...

CVSS 8.3, AI score 7, EPSS 0.00145
Exploits 0, References 5
CNNVD
added 2025/12/08 12:0 a.m., 1 view

IBM Controller security vulnerability

IBM Controller is a Web-based financial consolidation tool from International Business Machines (IBM). A security vulnerability exists in IBM Controller versions 11.1.0 through 11.1.1 that originates from storing unencrypted sensitive information in environment variable files, which could lead to...

CVSS 6.5, AI score 6, EPSS 0.00034
Exploits 0, References 2
Microsoft CVE
added 2025/12/07 9:3 a.m., 2 views

Apache HTTP Server: CGI environment variable override

...

CVSS 6.5, AI score 7, EPSS 0.00145
Exploits 0
SUSE CVE
added 2025/12/06 12:23 a.m., 3 views

SUSE CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVSS 5.5, AI score 6.7, EPSS 0.00145
Exploits 0, References 12
Debian CVE
added 2025/12/05 10:46 a.m., 4 views

CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVSS 6.5, AI score 6.9, EPSS 0.00145
Exploits 0