178 matches found
Ubuntu: Security Advisory (USN-5054-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...
liveprofiler (>=0.2.0 <=1.0.0), prediction (=0.0.3) potentially affected by CVE-2018-7490 via uwsgi (>=2.0.13.1 <=2.0.15)
uwsgi PYPI version =2.0.13.1, =0.2.0, =1.0.0 - prediction =0.0.3 Source cves: CVE-2018-7490 Source advisory: OSV:GHSA-H2VM-C85R-5VH5...
GHSA-H2VM-C85R-5VH5 uWSGI Directory Traversal vulnerability
uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...
uWSGI Directory Traversal vulnerability
uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path
An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...
VulnCheck KEV: CVE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...
[SECURITY] [DLA 2768-2] uwsgi regression update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2768-2 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 20, 2021 https://wiki.debian.org/LTS -...
DLA-2768-2 uwsgi - regression update
Bulletin has no description...
Debian DLA-2768-1 : uwsgi - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2768 advisory. It was discovered that the uwsgi proxy module for Apache2 modproxyuwsgi can read above the allocated memory when processing a request with a carefully crafted uri-path. An...
Debian: Security Advisory (DLA-2768-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2768-1] uwsgi security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2768-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 29, 2021 https://wiki.debian.org/LTS -...
DLA-2768-1 uwsgi - security update
Bulletin has no description...
USN-5090-4 apache2 regression
USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...
mod_proxy_uwsgi out of bound read
...
AZL-6485 CVE-2021-36160 affecting package httpd for versions less than 2.4.52-1
A carefully crafted request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...
Apache HTTP Server 缓冲区错误漏洞
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server versions 2.4.30 to 2.4.48 contain a denial-of-service vulnerability that stems from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerabilit...
USN-5054-2: uWSGI vulnerability
USN-5054-1 fixed a vulnerability in uWSGI for Ubuntu 18.04 LTS. This update provides the corresponding fixes for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Felix Wilhelm discovered a buffer overflow flaw in the modproxyuwsgi module. An attacker could use this vulnerability ...