5781 matches found
GLSA-202309-01 : Apache HTTPD: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202309-01 Apache HTTPD: Multiple Vulnerabilities - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the...
Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1666 advisory. - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of ap_some_auth_required with ap_some_authn_required and ap_force_authn hook CVE-2015-318...
Oracle Linux 5 : httpd (ELSA-2007-0746)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0746 advisory. - add security fix for CVE-2007-3847 250761 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 7 : keycloak-httpd-client-install (ELSA-2019-2137)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2137 advisory. 0.8-1 - Resolves: rhbz1673716 - Rebase k-h-c-i to version 0.8 - The rebase also includes fixes for: - rhbz1533190 - CVE-2017-15111...
Oracle Linux 6 : httpd24-httpd (ELSA-2014-1972)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1972 advisory. - Remove mod_proxy_fcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected CVE-2014-3583 - core: fix bypassing of mod_headers rules via chunk...
Oracle Linux 8 : httpd:2.4 (ELSA-2019-3436)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3436 advisory. - In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid...
Oracle Linux 7 : httpd (ELSA-2020-1121)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1121 advisory. - Resolves: 1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time - Resolves: 1565465 - CVE-2017-15710 httpd: Out of bound writ...
CVE-2023-36187
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd...
NETGEAR R6400v2 Security Vulnerability
The NETGEAR R6400v2 is a router from NETGEAR, a hardware device that connects two or more networks and acts as a gateway between them. The NETGEAR R6400v2 suffers from a code execution vulnerability that stems from the program's failure to properly filter special elements that construct code...
CVE-2023-40585 Unauthenticated access to Ironic API
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described...
Ivanti Sentry Authentication Bypass Vulnerability
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...
CVE-2023-38035
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...
Authentication flaw
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...
CVE-2023-38035
CVE-2023-38035 affects Ivanti Sentry (MobileIron Sentry) 9.18.0 and earlier, via an unauthenticated path to the System Manager Portal on port 8443 due to an insufficiently restrictive Apache HTTPD configuration. Exploitation can allow an attacker to bypass admin interface controls, change configuration,...