Lucene search
K

5807 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...

9.8CVSS7.2AI score0.11471EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added yesterday2 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6.2AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...

9.8CVSS7.2AI score0.11471EPSS
Exploits9References8
EUVD
EUVD
added yesterday4 views

EUVD-2026-42290

An OS command injection vulnerability exists in the savesyslogtofile function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The modelname configuration parameter is not properly sanitized, which could allow an authenticated...

7.2CVSS6.2AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-24698

An OS command injection vulnerability exists in the savesyslogtofile function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The modelname configuration parameter is not properly sanitized, which could allow an authenticated...

7.2CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday209 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
Nuclei
Nuclei
added yesterday87 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

4.3CVSS6AI score0.06643EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2 days ago4 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS6AI score0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago4 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6AI score0.00485EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6AI score0.00393EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago93 views

Apache Tomcat JK Connect <=1.2.44 - Manager Access

Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...

7.5CVSS7AI score0.90647EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago27 views

XiongMai uc-httpd 1.0.0 - Buffer Overflow

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. id: CVE-2018-10088 info: name: XiongMai uc-httpd 1.0.0 - Buffer Overflow author: 0xAkoko severity: critical description: | Buffer overflow in XiongMai uc-httpd 1.0....

10CVSS7.2AI score0.40386EPSS
Exploits8References4
Rockylinux
Rockylinux
added 2 days ago4 views

httpd security, bug fix, and enhancement update

An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

9.8CVSS6.9AI score0.00805EPSS
Exploits2
OSV
OSV
added 2 days ago5 views

RLSA-2026:34355 Moderate: mod_http2 security, bug fix, and enhancement update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modhttp2: Apache HTTP Server modhttp2: Use After Free vulnerability allows arbitrary code execution or denial of service. CVE-2026-48913 httpd: Apache HTTP Server:...

7.3CVSS6.6AI score0.00525EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2 days ago5 views

RockyLinux 10 : httpd (RLSA-2026:34109)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:34109 advisory. httpd: incomplete fix for CVE-2023-38709 CVE-2024-42516 httpd: NULL pointer dereference via specially crafted request CVE-2026-29169 httpd: Apache HTTP...

9.8CVSS6.9AI score0.03914EPSS
Exploits2References27
Cvelist
Cvelist
added 3 days ago41 views

CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

0.00243EPSS
Exploits1References2
OSV
OSV
added 2026/07/02 10:17 a.m.3 views

RHSA-2026:34109 Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Bulletin has no description...

7.7CVSS6.7AI score0.00805EPSS
Exploits0References32
RedHat Linux
RedHat Linux
added 2026/07/01 4:54 p.m.5 views

httpd: mod_http2: Apache HTTP Server mod_http2: Use After Free vulnerability allows arbitrary code execution or denial of service.

A flaw was found in the Apache HTTP Server's modhttp2 module. This vulnerability, known as a Use After Free, occurs when the server's file handles are exhausted. An attacker could potentially exploit this to cause a denial of service or, in some cases, execute arbitrary code, leading to system...

7.3CVSS6AI score0.00479EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.11 views

httpd: incomplete fix for CVE-2023-38709

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709...

7.5CVSS6.7AI score0.03914EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.7 views

Important: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.8AI score0.03914EPSS
Exploits2References8
Rows per page
Query Builder