11648 matches found

F5 Networks
added 2022/12/15 9:58 p.m. · 79 views

K00373024: Apache vulnerability CVE-2016-8743

Security Advisory Description: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of...

CVSS 7.5 · AI score 6.6 · EPSS 0.13252
Exploits 0 · Affected Software 16

IBM Security Bulletins
added 2022/12/15 7:52 p.m. · 37 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary: The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring (ITM) portal server: CVE-2022-43680, CVE-2017-9233, CVE-2013-0340 and CVE-2022-40750. Vulnerability Details: CVEID: CVE-2022-43680 DESCRIPTION: libexpa...

CVSS 7.5 · AI score 7.8 · EPSS 0.19433
Exploits 3 · Affected Software 1

F5 Networks
added 2022/12/15 6:31 p.m. · 50 views

K59333944: Apache mod_proxy_ftp vulnerability CVE-2020-1934

Security Advisory Description: In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. CVE-2020-1934 Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product Development has...

CVSS 5.3 · AI score 6.6 · EPSS 0.51951
Exploits 0

RedhatCVE
added 2022/12/15 4:4 a.m. · 45 views

CVE-2022-23527

An open redirect vulnerability was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check for URLs that start...

CVSS 6.1 · AI score 1 · EPSS 0.00905
Exploits 0 · References 4

UbuntuCve
added 2022/12/14 6:15 p.m. · 27 views

CVE-2022-23527

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS 6.1 · AI score 6.6 · EPSS 0.00905
Exploits 0 · References 4

CVE
added 2022/12/14 5:22 p.m. · 138 views

CVE-2022-23527

CVE-2022-23527 affects mod_auth_openidc for Apache 2.x. Versions prior to 2.4.12.2 are vulnerable to an Open Redirect caused by improper validation in oidc_validate_redirect_url() for logout redirect URIs that may start with a tab (\t). The issue can be mitigated by upgrading to 2.4.12.2; if upgr...

CVSS 6.1 · AI score 5.7 · EPSS 0.00905
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/12/14 5:22 p.m. · 36 views

CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS 4.7 · AI score 6.3 · EPSS 0.00905
Exploits 0 · References 5

Cvelist
added 2022/12/14 5:22 p.m. · 24 views

CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS 4.7 · AI score 6.7 · EPSS 0.00905
Exploits 0 · References 3

Vulnrichment
added 2022/12/14 5:22 p.m. · 4 views

CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS 4.7 · AI score 7 · EPSS 0.00905
Exploits 0 · References 3

Debian CVE
added 2022/12/14 5:22 p.m. · 35 views

CVE-2022-23527

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS 6.1 · AI score 6.4 · EPSS 0.00905
Exploits 0

IBM Security Bulletins
added 2022/12/13 5:37 a.m. · 30 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

Summary: IBM HTTP Server (IHS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

CVSS 7.5 · AI score 7.3 · EPSS 0.19433
Exploits 3 · Affected Software 1

Prion
added 2022/12/09 9:15 p.m. · 24 views

Design/Logic Flaw

Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

CVSS 6.5 · AI score 8.7 · EPSS 0.01406
Exploits 1 · References 2 · Affected Software 1

CVE
added 2022/12/09 8:14 p.m. · 298 views

CVE-2022-46157

CVE-2022-46157 affects Akeneo PIM Community Edition versions before v5.0.119 and before v6.0.53, where remote authenticated users could execute arbitrary PHP code on the server by uploading a crafted image. Impact is high (remote code execution) per CVE records. Remediation available: upgrade to ...

CVSS 8.8 · AI score 8.7 · EPSS 0.01406
Exploits 1 · References 2 · Affected Software 1

OSV
added 2022/12/09 8:14 p.m. · 33 views

CVE-2022-46157 Remote php code execution in Akeneo PIM

Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

CVSS 8.8 · AI score 8.7 · EPSS 0.01406
Exploits 1 · References 4

Positive Technologies
added 2022/12/09 12:0 a.m. · 4 views

PT-2022-27774 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: Akeneo PIM Community Edition versions prior to v5.0.119 and v6.0.53. Description: Akeneo PIM is an open source Product Information Management (PIM) that allows remote authenticated users to execute arbitrary PHP code on the server by uploading a...

CVSS 8.8 · AI score 8.7 · EPSS 0.01406
Exploits 1 · References 9

OpenVAS
added 2022/12/09 12:0 a.m. · 7 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2790)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.7 · AI score 6.6 · EPSS 0.01788
Exploits 1 · References 2

RedHat Linux
added 2022/12/08 1:25 p.m. · 6 views

reactor-netty-http: Log request headers in some cases of invalid HTTP requests

A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...

CVSS 4.3 · AI score 5.8 · EPSS 0.00604
Exploits 0 · References 4

RedHat Linux
added 2022/12/08 1:21 p.m. · 84 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 10 · AI score 7.6 · EPSS 0.95764
Exploits 20 · References 24

RedHat Linux
added 2022/12/08 1:21 p.m. · 5 views

httpd: mod_sed: DoS vulnerability

A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations...

CVSS 7.5 · AI score 7.1 · EPSS 0.90407
Exploits 0 · References 5

RedHat Linux
added 2022/12/08 1:8 p.m. · 3 views

httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism...

CVSS 9.8 · AI score 7.1 · EPSS 0.0314
Exploits 1 · References 5