6 matches found
Oracle Linux 10 : mod_http2 (ELSA-2025-14625)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-14625 advisory. 2.0.29-2.1 - Resolves: RHEL-106263 - CVE-2025-49630 httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module Tenabl...
Undertow vulnerable to Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
Remote code execution
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...
PT-2020-6766 · Inspircd +3
Name of the Vulnerable Software and Affected Versions: InspIRCd versions prior to 2.0.29 InspIRCd versions prior to 3.6.0 Description: An issue was discovered in the pgsql module of InspIRCd, which contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this...
ScrewTurn Software ScrewTurn Wiki 2.0.x - System Log Page HTML Injection
Source: https://www.securityfocus.com/bid/30429/info ScrewTurn Wiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated...