11650 matches found
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-2614)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : golang-github-prometheus-node_exporter (SUSE-SU-2022:3745-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3745-1 advisory. bsc1196338, jscSLE-24238, jscSLE-24239, jscSUMA-114, CVE-2022-21698 Tenable has extracted the preceding...
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...
Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...
httpd: NULL pointer dereference via crafted request during HTTP/2 request processing
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
java security update
CentOS Errata and Security Advisory CESA-2022:7002 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
java security update
CentOS Errata and Security Advisory CESA-2022:7008 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 (RHSA-2022:7143)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7143 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
This Week in Spring - October 25th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was amazing! Im in sunny Singapore, then off to Malaysia and Thailand. Its the first time Ive been to any of these places since 2019! How good it is to be...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2022-40674)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Scientific Linux Security Update : java-11-openjdk on SL7.x i686/x86_64 (2022:7008)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7008-1 advisory. - OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 - OpenJDK: excessive memory allocation in X.509...
Oracle Linux 7 : java-11-openjdk (ELSA-2022-7008)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7008 advisory. 1:11.0.17.0.8-2.0.1 - link atomic for ix86 build 1:11.0.17.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data wit...
Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x i686/x86_64 (2022:7002)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7002-1 advisory. - OpenJDK: excessive memory allocation in X.509 certificate parsing Security, 8286533 CVE-2022-21626 - OpenJDK: HttpServer no connection count...
Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2022-7006)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7006 advisory. 1:1.8.0.352.b08-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz21336...
Oracle Linux 8 : java-11-openjdk (ELSA-2022-7012)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7012 advisory. 1:11.0.17.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv JDK-8293834 - Drop JDK-8292223 patc...
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2022-7002)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7002 advisory. 1:1.8.0.352.b08-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz21336...
Oracle Linux 9 : java-1.8.0-openjdk (ELSA-2022-7007)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7007 advisory. 1.8.0.352.b08-2.0.1 - Replace upstream references Orabug: 34340145 1:1.8.0.352.b08-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 -...
Oracle Linux 8 : java-17-openjdk (ELSA-2022-7000)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7000 advisory. 1:17.0.5.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv JDK-8293834 - Drop JDK-8292223 patch...