5781 matches found

NVD
added 2019/07/02 8:15 p.m. | 17 views

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

9.8 CVSS | 8.7 AI score | 0.03121 EPSS
Exploits: 0 | References: 1

Cvelist
added 2019/07/02 7:28 p.m. | 19 views

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

8.1 CVSS | 9.7 AI score | 0.03121 EPSS
Exploits: 0 | References: 1

Fedora
added 2019/06/28 10:9 p.m. | 37 views

[SECURITY] Fedora 29 Update: mod_http2-1.15.1-1.fc29

The mod_h2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

5.9 CVSS | 1.9 AI score | 0.51002 EPSS
Exploits: 0

NVD
added 2019/06/20 4:15 p.m. | 14 views

CVE-2018-16119

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...

9 CVSS | 7.5 AI score | 0.34131 EPSS
Exploits: 1 | References: 2

OSV
added 2019/06/20 4:15 p.m. | 2 views

CVE-2018-16119

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...

7.2 CVSS | 6.4 AI score | 0.34131 EPSS
Exploits: 1 | References: 2

Cvelist
added 2019/06/20 3:51 p.m. | 15 views

CVE-2018-16119

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...

7.5 AI score | 0.34131 EPSS
Exploits: 1 | References: 2

CVE
added 2019/06/20 3:51 p.m. | 99 views

CVE-2018-16119

CVE-2018-16119: TP-Link WR1043ND (Firmware Version 3) httpd is vulnerable to a stack-based buffer overflow via a crafted MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm, enabling remote arbitrary code execution. The Red Hat and other CNVD/CVE records confirm the same description; no ...

9 CVSS | 7.5 AI score | 0.34131 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

RedHat Linux
added 2019/06/18 7:8 p.m. | 185 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.8 CVSS | 7.2 AI score | 0.65005 EPSS
Exploits: 12 | References: 12

Tenable Nessus
added 2019/06/10 12:0 a.m. | 29 views

Debian DSA-4458-1 : cyrus-imapd - security update

A flaw was discovered in the CalDAV feature in httpd of the Cyrus IMAP server, leading to denial of service or potentially the execution of arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. (C) Tenable Network Security, Inc. The descriptive text and...

9.8 CVSS | 7.4 AI score | 0.07622 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2019/06/03 8:29 p.m. | 25 views

CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

9.8 CVSS | 7.3 AI score | 0.07622 EPSS
Exploits: 0 | References: 9

OSV
added 2019/06/03 8:29 p.m. | 29 views

CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

9.8 CVSS | 7.7 AI score
Exploits: 0 | References: 10

Debian CVE
added 2019/06/03 7:44 p.m. | 31 views

CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

9.8 CVSS | 8 AI score | 0.07622 EPSS
Exploits: 0

Cvelist
added 2019/06/03 7:44 p.m. | 21 views

CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

9.6 AI score | 0.07622 EPSS
Exploits: 0 | References: 10

CVE
added 2019/06/03 7:44 p.m. | 184 views

CVE-2019-11356

CVE-2019-11356 affects Cyrus IMAP Server (cyrus-imapd) via the CalDAV feature in httpd. The root cause is a buffer overflow triggered by a long iCalendar property name in CalDAV requests, enabling remote code execution. Impact is high (per CVSS) with potential remote compromise, depending on the ...

9.8 CVSS | 9.4 AI score | 0.07622 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
added 2019/06/03 12:25 a.m. | 30 views

Side-channel Attack

httpd is vulnerable to side-channel attack. An implementation flaw was discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or...

4.7 CVSS | 5.6 AI score | 0.00887 EPSS
Exploits: 1 | References: 24 | Affected Software: 6

Tenable Nessus
added 2019/05/31 12:0 a.m. | 64 views

Symantec Content Analysis < 2.3.1.1 affected by Multiple Vulnerabilities (SYMSA1410)

The version of Symantec Content Analysis running on the remote host is prior to version 2.3.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a...

9.8 CVSS | 7.2 AI score | 0.39341 EPSS
Exploits: 3 | References: 3

Tenable Nessus
added 2019/05/30 12:0 a.m. | 38 views

EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2019-1631)

According to the version of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allo...

7.5 CVSS | 7 AI score | 0.16645 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/05/29 12:0 a.m. | 41 views

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-1580)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid...

7.5 CVSS | 7.1 AI score | 0.16645 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/05/28 12:0 a.m. | 27 views

FreeBSD : cyrus-imapd -- buffer overrun in httpd (10fd731c-8088-11e9-b6ae-001871ec5271)

Cyrus IMAP 3.0.10 Release Notes states : Fixed CVE-2019-11356: buffer overrun in httpd (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacques Vidrine and contributors Redistribution and u...

9.8 CVSS | 7.5 AI score | 0.07622 EPSS
Exploits: 0 | References: 2

Fedora
added 2019/05/26 1:6 a.m. | 37 views

[SECURITY] Fedora 30 Update: mod_http2-1.15.0-1.fc30

The mod_h2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

5.3 CVSS | 1.9 AI score | 0.193 EPSS
Exploits: 0