Lucene search
K

2963 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache2

The Apache HTTP Server protocol handler for the HTTP/2 protocol checks the received request headers against the size limitations configured for the server. These restrictions are also applied to the HTTP/1 protocol. If any violations occur, an HTTP response is sent to the client with a status cod...

7.5CVSS7.5AI score0.51208EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

The following vulnerability has been resolved in the Linux kernel: btrfs: fixed an issue with the tree mod log handling of reallocated nodes. We have observed the following panics in production: - Kernel bug at fs/btrfs/tree-mod-log.c:677! - Invalid opcode: 0000 1 SMP - RIP:...

5.5CVSS6.3AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.54 and...

9CVSS6.7AI score0.01879EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache2

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of any exploits that could exploit this vulnerability, but it might be possible to create such exploits. This issue affects Apache HT...

9.8CVSS7.7AI score0.97108EPSS
Exploits4References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache2

The Apache HTTP Server versions 2.4.6 to 2.4.46, with the modproxywstunnel module configured, were used to handle a URL. The origin server did not necessarily upgrade this connection. This setup allowed subsequent requests on the same connection to be processed without any HTTP validation,...

5.3CVSS6.7AI score0.60266EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server versions 2.4.41 to 2.4.46 with modproxyhttp can become unstable when processing specially crafted requests that use both Content-Length and Transfer-Encoding headers. This can lead to a denial of service attack...

7.5CVSS7.1AI score0.49089EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.6 views

Fedora 45 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-e212182e6e)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-e212182e6e advisory. nginx-mod-brotli: - Rebuild for 1.30.3 nginx-mod-fancyindex: - Rebuild for 1.30.3 nginx-mod-modsecurity: - Rebuild for 1.30.3 nginx-mod-headers-more...

9.2CVSS6.1AI score0.03225EPSS
Exploits4References4
Rockylinux
Rockylinux
added 2026/06/13 12:5 a.m.15 views

mod_http2 security update

An update is available for modhttp2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top o...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.11 views

CVE-2026-29170

A flaw was found in Apache HTTP Server, specifically within the modproxyftp module. This cross-site scripting XSS vulnerability occurs during the generation of HTML directory lists when the server is configured to list FTP directory contents via either a forward or reverse proxy. An attacker coul...

6.1CVSS5AI score0.00504EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.7 views

RockyLinux 10 : mod_http2 (RLSA-2026:25225)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25225 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...

7.5CVSS5.9AI score0.11471EPSS
Exploits8References3
OSV
OSV
added 2026/06/11 8:54 p.m.3 views

USN-8425-1 libnginx-mod-js vulnerability

It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service...

9.8CVSS6.3AI score0.00889EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.13 views

CVE-2026-47189

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...

8.3CVSS0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:49 p.m.8 views

CVE-2026-47181 PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover

PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of an account, leading to full account takeover. An attacker only needs a registered account and a...

8.7CVSS5.3AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the AutoMod deletion process not verifying the server to which the rules belong, potential...

8.3CVSS5.3AI score0.00307EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:39 a.m.7 views

BIT-APACHE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

6.5CVSS5.4AI score0.00525EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 8:39 a.m.6 views

BIT-APACHE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS5.6AI score0.00805EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 8:39 a.m.6 views

BIT-APACHE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References3
Mageia
Mageia
added 2026/06/10 5:7 a.m.12 views

Updated libxmp packages fix security vulnerabilities

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbisdeinit CVE-2023-45680: Null pointer dereference in vorbisdeinit CVE-2023-45681: Out of bounds heap buffer write CVE-2023-45676: Multi-byte write heap buffer overflow in startdecoder CVE-2023-45677: Heap buffer out of bounds...

7.8CVSS7AI score0.0056EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:29 a.m.7 views

SUSE CVE-2026-29167

Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.3CVSS5.4AI score0.00663EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/10 2:29 a.m.9 views

SUSE CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.4CVSS5.1AI score0.00504EPSS
Exploits0References6
Rows per page
Query Builder