Lucene search
K

11645 matches found

Tenable Nessus
Tenable Nessus
added 2023/02/21 12:0 a.m.35 views

RHEL 8 : httpd:2.4 (RHSA-2023:0852)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0852 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav:...

9CVSS7.1AI score0.57941EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/02/21 12:0 a.m.109 views

AlmaLinux 8 : httpd:2.4 (ALSA-2023:0852)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0852 advisory. httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP...

9CVSS7AI score0.57941EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/02/21 12:0 a.m.44 views

CentOS 8 : httpd:2.4 (CESA-2023:0852)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0852 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header valu...

9CVSS7.1AI score0.57941EPSS
Exploits0References4
OSV
OSV
added 2023/02/21 12:0 a.m.44 views

ALSA-2023:0848 Moderate: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0. BZ2161666 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie...

9.8CVSS8.8AI score0.49336EPSS
Exploits6References12
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.74 views

Security Bulletin: Vulnerabilities in Bash affect IBM FlashSystem 840 and V840 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM FlashSystem 840 and V840 products. Vulnerability Details The following vulnerabilities are only exploitable by users who already have...

10CVSS9.1AI score0.99999EPSS
Exploits157Affected Software2
Github Security Blog
Github Security Blog
added 2023/02/15 9:30 p.m.26 views

CSRF vulnerability in Synopsys Jenkins Coverity Plugin

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS6.6AI score0.00357EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/02/15 9:30 p.m.20 views

GHSA-PX6V-6JHF-J46R CSRF vulnerability in Synopsys Jenkins Coverity Plugin

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS4.1AI score0.00357EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 7:38 p.m.79 views

Security Bulletin: IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities.

Summary IBM Navigator for i provides server administration functionality for IBM i. An authenticated user with authority to interact with IBM Navigator for i is able to download log files, view file attributes, and perform SQL injection attacks as described in the vulnerability details section. I...

6.3CVSS4.9AI score0.00989EPSS
Exploits0Affected Software4
NVD
NVD
added 2023/02/15 7:15 p.m.26 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS3.9AI score0.00357EPSS
Exploits0References2
NVD
NVD
added 2023/02/15 7:15 p.m.17 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.5AI score0.0052EPSS
Exploits0References2
OSV
OSV
added 2023/02/15 7:15 p.m.3 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS5.8AI score0.0052EPSS
Exploits0References2
Prion
Prion
added 2023/02/15 7:15 p.m.15 views

Design/Logic Flaw

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS4.5AI score0.0052EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.2 views

SUSE CVE-2003-1581

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log...

2.6CVSS6.5AI score0.0308EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

3.7CVSS6.4AI score0.00687EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.3 views

SUSE CVE-2007-3303

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that 1 stop request processing by killing all worker processes and preventing creation of replacements or 2 hang the system by forcin...

4.9CVSS6.8AI score0.0089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-5000

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.46603EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.4 views

SUSE CVE-2009-0796

Cross-site scripting XSS vulnerability in Status.pm in Apache::Status and Apache2::Status in modperl1 and modperl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

2.6CVSS6.1AI score0.29638EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.3 views

SUSE CVE-2009-1191

modproxyajp.c in the modproxyajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5CVSS8.9AI score0.12383EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-3094

The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...

2.6CVSS8.7AI score0.08566EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2010-0010

Integer overflow in the approxysendfb function in proxy/proxyutil.c in modproxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service daemon crash or possibly execute arbitrary code via a large chunk size that triggers a heap-based...

6.8CVSS8.4AI score0.43421EPSS
Exploits2References4
Rows per page
Query Builder