18 matches found
Astra Linux – Vulnerability in Apache2
A regression in Apache HTTP Server 2.4.60 ignores some uses of the legacy content-type-based configuration for handlers. Configurations like “AddType” and similar settings, under certain circumstances where files are requested indirectly, can lead to exposure of local content in the source code...
CVE-2026-48557
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
MiracleLinux 7 : httpd-2.4.6-99.1.0.3.el7.AXS7 (AXSA:2024-8720:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8720:05 advisory. CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix...
CVE-2012-10063 Nagios XI < 2012R1.3 Authenticated SQL Injection in Legacy CCM
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager CCM interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in th...
AZL-43414 CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
BIT-APACHE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
ALPINE-CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
DEBIAN-CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
CVE-2024-39884
CVE-2024-39884 affects Apache HTTP Server (notably 2.4.60 and older) where legacy content-type based configuration (e.g., AddType) could cause source code disclosure for indirectly requested files, potentially exposing local content (e.g., PHP scripts being served). Affected vendors consistently ...
xorg-x11-server: Use-after-free bug in DestroyWindow
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration a multi-screen setup with multiple protocol screens, also known as Zaphod mode if the pointer is warped from within a window on one screen to the root window of the othe...
PT-2024-7728 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.6.0 Description: The vulnerability is related to a NULL pointer dereference in the Linux kernel's perf subsystem. It occurs when the ctr get width function is not defined for the legacy case, but is used in arch perf...
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1131)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when...
xorg-x11-server: Use-after-free bug in DestroyWindow
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration a multi-screen setup with multiple protocol screens, also known as Zaphod mode if the pointer is warped from within a window on one screen to the root window of the othe...
Fedora 37 : xorg-x11-server (2023-f111d2f306)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f111d2f306 advisory. Security fix for CVE-2023-5367, CVE-2023-5380 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration a multi-screen setup with multiple protocol screens, also known as Zaphod mode if the pointer is warped from within a window on one screen to the root window of the othe...
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration a multi-screen setup with multiple protocol screens, also known as Zaphod mode if the pointer is warped from within a window on one screen to the root window of the othe...