
11634 matches found

Positive Technologies
added 2025/04/02 12:00 a.m. · 4 views

PT-2025-14505 · Stmicroelectronics · Stmicroelectronics X-Cube-Azrtos-Wl

Name of the Vulnerable Software and Affected Versions: STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0 Description: An integer underflow issue exists in the HTTP server's PUT request functionality, which can be triggered by a specially crafted network packet, leading to denial of service. This...

CVSS 4.3 · AI score 8.1 · EPSS 0.00676
Exploits: 1 · References: 6

Positive Technologies
added 2025/04/01 12:00 a.m. · 5 views

PT-2025-14615 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices or real-world incidents are...

AI score 6.4
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/01 12:00 a.m. · 4 views

PT-2025-14765 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to unvalidated user input in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices or real-world incidents a...

AI score 6.3
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/01 12:00 a.m. · 4 views

PT-2025-14621 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to a remote code execution vulnerability. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents...

AI score 7.9
Exploits: 0 · References: 2

Packet Storm
added 2025/04/01 12:00 a.m. · 1527 views

Brocade Fabric OS Remote Code Execution / Information Disclosure

Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities...

CVSS 8.6 · AI score 7.8 · EPSS 0.74513
Exploits: 3

OSV
added 2025/03/30 6:15 a.m. · 5 views

CVE-2025-1734

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from an HTTP server, headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

CVSS 5.3 · AI score 7.1
Exploits: 0 · References: 3

CVE
added 2025/03/30 5:43 a.m. · 767 views

CVE-2025-1734

CVE-2025-1734 affects PHP’s HTTP stream wrapper header parsing: headers missing a colon are treated as valid, potentially letting applications accept invalid headers. Affected branches include PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. Mitigations/u...

CVSS 6.3 · AI score 6.2 · EPSS 0.00463
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2025/03/30 5:43 a.m. · 3 views

CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from an HTTP server, headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

CVSS 6.3 · AI score 7.2 · EPSS 0.00463
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/29 3:26 p.m. · 18 views

CVE-2025-30221

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...

CVSS 4.3 · AI score 7.5 · EPSS 0.0025
Exploits: 0 · References: 1

CVE
added 2025/03/27 2:46 p.m. · 87 views

CVE-2025-30221

Summary (CVE-2025-30221): Pitchfork is a Rack-based HTTP server. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used with Rack 3. The issue is fixed in Pitchfork 0.11.0. Affected: Pitchfork

CVSS 4.3 · AI score 7.5 · EPSS 0.0025
Exploits: 0 · References: 2

RedHat Linux
added 2025/03/18 12:36 a.m. · 7 views

Moderate: Red Hat Bug Fix Advisory: mod_proxy_cluster bug fix update

An update for mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Bug Fixes: Rebuild mod_proxy_cluster against httpd 2.4.62 (JIRA:RHEL-70140); Rebase mod_proxy_cluster to upstream...

CVSS 5.4 · AI score 6.1 · EPSS 0.00254
Exploits: 0

Rockylinux
added 2025/03/17 8:16 p.m. · 3 views

httpd bug fix update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

AI score 7.2
Exploits: 0

Rockylinux
added 2025/03/17 8:16 p.m. · 19 views

libsoup security update

An update is available for libsoup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libsoup packages provide an HTTP client and server library for GNOME...

CVSS 7.5 · AI score 7 · EPSS 0.00933
Exploits: 1

OSV
added 2025/03/17 8:16 p.m. · 31 views

RLSA-2024:9306 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP response splitting (CVE-2023-38709); httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795). For more details about the security issues, including the impact, a...

CVSS 7.3 · AI score 6.7 · EPSS 0.03914
Exploits: 0 · References: 3

Rapid7 Blog
added 2025/03/14 7:09 p.m. · 15 views

Metasploit Weekly Wrap-Up 03/14/25

New module content 1 InvoiceShelf unauthenticated PHP Deserialization Vulnerability Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y Type: Exploit Pull request: 19950 contributed by h00die-gr3y Path: linux/http/invoiceshelfunauthrcecve202455556 AttackerKB reference: CVE-2024-55556...

CVSS 9.8 · AI score 9.9 · EPSS 0.4356
Exploits: 6

IBM Security Bulletins
added 2025/03/11 7:26 p.m. · 98 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2023-25193. DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...

CVSS 8.1 · AI score 9.8 · EPSS 0.99019
Exploits: 15 · Affected Software: 1

Tenable Nessus
added 2025/03/06 12:00 a.m. · 18 views

Linux Distros Unpatched Vulnerability : CVE-2020-11984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984). Note that Nessus relies on the presence of the package as...

CVSS 9.8 · AI score 6.4 · EPSS 0.90039
Exploits: 2 · References: 2

Tenable Nessus
added 2025/03/06 12:00 a.m. · 18 views

Linux Distros Unpatched Vulnerability : CVE-2021-36160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions...

CVSS 7.5 · AI score 7.6 · EPSS 0.62887
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/05 12:00 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-24795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cau...

CVSS 6.3 · AI score 6.6 · EPSS 0.02874
Exploits: 0 · References: 3

Tenable Nessus
added 2025/03/04 12:00 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2018-1302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an...

CVSS 5.9 · AI score 7 · EPSS 0.13436
Exploits: 0 · References: 2