5781 matches found
CVE-2021-42659
CVE-2021-42659 affects Tenda AC9 devices (V1.0 V15.03.02.19(6318) and V3.0 V15.03.06.42_multi) where the httpd web server is vulnerable to a buffer overflow during virtual service configuration. The httpd process crashes/exits when a super-long list parameter is provided. Root cause: buffer overflow...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP Server (httpd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow
The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to mod_lua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody called from Lua scripts). The...
CVE-2022-30033
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status in httpd module...
Buffer overflow
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status in httpd module...
CVE-2022-30033
CVE-2022-30033 affects the Tenda TX9 Pro router (V22.03.02.10). The issue is a Buffer Overflow in the httpd module’s setIPv6Status() function, enabling remote exploitation over the network with no user interaction. CVSS: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5). No exploitation or patch...
new packages: httpd
An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.0...
httpd:2.4 security and bug fix update
mod_http2 1.15.7-5 - Resolves: 2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations; 1.15.7-4 - Resolves: 1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy mod_md...
InHand Networks InRouter302 Buffer Overflow Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A buffer overflow vulnerability exists in InHand Networks InRouter302 version V3.5.4, which stems from the httpd parsepingresult API function. A boundary error occurs when handling untrusted input, which can be...
GHSA-VQF9-V3HC-WR54 keycloak-httpd-client-install symlink attack vulnerability
keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link...
keycloak-httpd-client-install symlink attack vulnerability
keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link...
GHSA-89C9-3758-737W keycloak-httpd-client-install Insecure Secrets
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass a password through the command line, leaking it via command history and process info to other local users...
CVE-2022-26782
Multiple improper input validation vulnerabilities exist in the libnvram.so nvramimport functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...
CVE-2022-26781
Multiple improper input validation vulnerabilities exist in the libnvram.so nvramimport functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...
CVE-2022-24910
A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26085
An OS command injection vulnerability exists in the httpd wlscanASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Buffer overflow
A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
Input validation
Multiple improper input validation vulnerabilities exist in the libnvram.so nvramimport functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...