Lucene search
K

11648 matches found

CVE
CVE
added 2023/02/15 12:0 a.m.68 views

CVE-2023-23848

The CVE-2023-23848 entry concerns missing permission checks in the Synopsys Jenkins Coverity Plugin (versions

4.3CVSS4.5AI score0.0052EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.29 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS6AI score0.00357EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.24 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS5.9AI score0.0052EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.15 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.8AI score0.0052EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/14 3:21 a.m.45 views

K000132525: Apache vulnerability CVE-2006-20001

Security Advisory Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-2000...

7.5CVSS7.4AI score0.03546EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2023/02/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding...

7.5CVSS7.1AI score0.49024EPSS
Exploits4References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/13 5:14 a.m.32 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. (CVE-2022-21628)

Summary IBM PowerVM Novalink is vulnerable because Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Detail...

5.3CVSS5.5AI score0.02376EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/10 12:0 a.m.62 views

Apache HTTP Server SEoL (<= 1.3.x)

According to its version, Apache HTTP Server is less than or equal to 1.3.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/02/10 12:0 a.m.87 views

Apache HTTP Server SEoL (2.1.x <= x <= 2.2.x)

According to its version, Apache HTTP Server is between 2.1.x and 2.2.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

5.5AI score
Exploits0References1
GithubExploit
GithubExploit
added 2023/02/08 12:19 p.m.482 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228: Brief Description Apache L...

10CVSS9.7AI score0.99999EPSS
Exploits347
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.33 views

EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2023-1319)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported...

5.3CVSS6AI score0.02376EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/07 8:45 p.m.55 views

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28615)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28615 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read beyond bounds in apstrcmpmatch when provided with an...

9.1CVSS9.2AI score0.05729EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/02/07 12:6 a.m.17 views

MGASA-2023-0032 Updated apache packages fix security vulnerability

CVE-2022-37436: Apache HTTP Server: modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers ha...

9CVSS7AI score0.57941EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/02/06 12:0 a.m.43 views

Amazon Linux AMI : java-1.8.0-openjdk, java-1.8.0-openjdk-demo, java-1.8.0-openjdk-devel (ALAS-2023-1678)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1678 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf,...

5.3CVSS6.1AI score0.02376EPSS
Exploits0References9
CNVD
CNVD
added 2023/02/06 12:0 a.m.82 views

Apache HTTP Server Http Request Smuggling Vulnerability (CNVD-2023-30860)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Http request smuggling vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.55 and earlier, which stems from a...

9CVSS6.7AI score0.01879EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/06 12:0 a.m.261 views

Apache HTTP Server CLRF Injection Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A CLRF injection vulnerability exists in Apache HTTP Server versions prior to 2.4.55. The vulnerability stems from a Web applicati...

5.3CVSS6.9AI score0.57941EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/03 9:20 p.m.80 views

Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: Spring Framework CVE-2022-22965, OpenSSL vulnerabilities CVE-2022-0778, Apache HTTP Server CVE-2021-26691, CVE-2021-40438, CVE-2021-44790, and CVE-2021-20325. Vulnerability Details CVEID:CVE-2022-0778...

10CVSS9.9AI score0.99999EPSS
Exploits111Affected Software3
OSV
OSV
added 2023/02/03 11:4 a.m.3 views

OESA-2023-1052 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to...

9CVSS9.1AI score0.57941EPSS
Exploits0References4
Fedora
Fedora
added 2023/02/03 1:42 a.m.54 views

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

The Apache HTTP Server is a powerful, efficient, and extensible web server...

9CVSS7.5AI score0.57941EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/03 12:0 a.m.42 views

Fedora 36 : httpd (2023-6d4055d482)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6d4055d482 advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

9CVSS7.1AI score0.57941EPSS
Exploits0References4
Rows per page
Query Builder