Lucene search
+L

178 matches found

OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-5054-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.90039EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2022/10/26 8:15 p.m.6 views

httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path

An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...

7.5CVSS7.2AI score0.62887EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/26 8:5 p.m.5 views

httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path

An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...

7.5CVSS7.2AI score0.62887EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/09/29 1:33 p.m.4 views

httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path

An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...

7.5CVSS7.2AI score0.62887EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/14 3:35 a.m.5 views

liveprofiler (>=0.2.0 <=1.0.0), prediction (=0.0.3) potentially affected by CVE-2018-7490 via uwsgi (>=2.0.13.1 <=2.0.15)

uwsgi PYPI version =2.0.13.1, =0.2.0, =1.0.0 - prediction =0.0.3 Source cves: CVE-2018-7490 Source advisory: OSV:GHSA-H2VM-C85R-5VH5...

7.5CVSS7.1AI score0.69907EPSS
Exploits5
OSV
OSV
added 2022/05/14 3:35 a.m.5 views

GHSA-H2VM-C85R-5VH5 uWSGI Directory Traversal vulnerability

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

8.7CVSS7.5AI score0.69907EPSS
Exploits5References7
Github Security Blog
Github Security Blog
added 2022/05/14 3:35 a.m.22 views

uWSGI Directory Traversal vulnerability

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS6.6AI score0.69907EPSS
Exploits5References7Affected Software1
RedHat Linux
RedHat Linux
added 2022/05/10 2:18 p.m.6 views

httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path

An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability...

7.5CVSS7.2AI score0.62887EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2022/02/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

9.8CVSS6.9AI score0.90039EPSS
Exploits2References1
Debian
Debian
added 2021/10/20 6:4 p.m.50 views

[SECURITY] [DLA 2768-2] uwsgi regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2768-2 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 20, 2021 https://wiki.debian.org/LTS -...

7.5CVSS8.8AI score0.62887EPSS
Exploits0
OSV
OSV
added 2021/10/20 12:0 a.m.7 views

DLA-2768-2 uwsgi - regression update

Bulletin has no description...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/10/02 12:0 a.m.51 views

Debian DLA-2768-1 : uwsgi - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2768 advisory. It was discovered that the uwsgi proxy module for Apache2 modproxyuwsgi can read above the allocated memory when processing a request with a carefully crafted uri-path. An...

7.5CVSS7.9AI score0.62887EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/10/01 12:0 a.m.36 views

Debian: Security Advisory (DLA-2768-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.8AI score0.62887EPSS
Exploits0References4
Debian
Debian
added 2021/09/29 7:53 p.m.56 views

[SECURITY] [DLA 2768-1] uwsgi security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2768-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 29, 2021 https://wiki.debian.org/LTS -...

7.5CVSS8.8AI score0.62887EPSS
Exploits0
OSV
OSV
added 2021/09/29 12:0 a.m.86 views

DLA-2768-1 uwsgi - security update

Bulletin has no description...

7.5CVSS8.7AI score0.62887EPSS
Exploits0
OSV
OSV
added 2021/09/28 3:5 p.m.5 views

USN-5090-4 apache2 regression

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...

6AI score
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2021/09/28 7:0 a.m.2 views

mod_proxy_uwsgi out of bound read

...

7.5CVSS7AI score0.62887EPSS
Exploits0
OSV
OSV
added 2021/09/16 3:15 p.m.7 views

AZL-6485 CVE-2021-36160 affecting package httpd for versions less than 2.4.52-1

A carefully crafted request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...

7.5CVSS7.2AI score0.62887EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/16 12:0 a.m.4 views

Apache HTTP Server 缓冲区错误漏洞

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server versions 2.4.30 to 2.4.48 contain a denial-of-service vulnerability that stems from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerabilit...

7.5CVSS7.9AI score0.62887EPSS
Exploits0References50
Ubuntu
Ubuntu
added 2021/09/03 6:48 p.m.62 views

USN-5054-2: uWSGI vulnerability

USN-5054-1 fixed a vulnerability in uWSGI for Ubuntu 18.04 LTS. This update provides the corresponding fixes for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Felix Wilhelm discovered a buffer overflow flaw in the modproxyuwsgi module. An attacker could use this vulnerability ...

9.8CVSS7.5AI score0.90039EPSS
Exploits2
Rows per page
Query Builder