NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2022-0021)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 ...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1671)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tenda AX12 Buffer Overflow Vulnerability (CNVD-2022-38541)

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China.Tenda AX12 is vulnerable to a buffer overflow vulnerability, which originates from the /goform/setMacFilterCfg function in the httpd service that does not properly validate data boundaries when performing operations on...

Tenda AC9 Stack Overflow Vulnerability (CNVD-2022-38540)

Tenda AC9 is a wireless router from Tenda, a Chinese company. Tenda AC9 is vulnerable to a stack overflow vulnerability, which originates from the goform/fastsettingwifiset function in the httpd service that does not properly validate data boundaries when performing operations on memory, and can ...

EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2022-1671)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. T...

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-28560

There is a stack overflow vulnerability in the goform/fastsettingwifiset function in the httpd service of Tenda ac9 15.03.2.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-28560

There is a stack overflow vulnerability in the goform/fastsettingwifiset function in the httpd service of Tenda ac9 15.03.2.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-28561

The CVE-2022-28561 entry concerns the Tenda AX12 router (22.03.01.21_cn). A stack/buffer overflow is triggered in the httpd service via the /goform/setMacFilterCfg function when handling crafted input, allowing an attacker to obtain a stable shell. Public references in the document set describe a...

CVE-2022-28560

The CVE-2022-28560 entry concerns Tenda AC9 (firmware 15.03.2.21_cn) with a stack overflow in the httpd service’s goform/fast_setting_wifi_set function. This vulnerability allows an attacker to trigger a stable shell via a carefully crafted payload. CVSSv3.1 vector: Network, Privileges NONE, User...

Tenda AX12 缓冲区错误漏洞

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China.Tenda AX12 is vulnerable to a buffer overflow vulnerability, which originates from the /goform/setMacFilterCfg function in the httpd service that does not properly validate data boundaries when performing operations on...

Important: httpd

Issue Overview: A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. CVE-2022-22719 A flaw was found in...

CVE-2022-23943 affecting package httpd for versions less than 2.4.53-1

CVE-2022-23943 affecting package httpd for versions less than 2.4.53-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-22721 affecting package httpd for versions less than 2.4.53-1

CVE-2022-22721 affecting package httpd for versions less than 2.4.53-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-22720 affecting package httpd for versions less than 2.4.53-1

CVE-2022-22720 affecting package httpd for versions less than 2.4.53-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-22719 affecting package httpd for versions less than 2.4.53-1

CVE-2022-22719 affecting package httpd for versions less than 2.4.53-1. An upgraded version of the package is available that resolves this issue...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1569)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1569)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...