24 matches found
CVE-2024-28757
The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...
CVE-2024-6387
CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...
CVE-2023-38709
CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...
CVE-2024-24795
CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...
CVE-2025-26465
The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...
CVE-2024-36387
CVE-2024-36387 affects the Apache httpd mod_http2 component: when serving WebSocket protocol upgrades over HTTP/2, it can trigger a NULL pointer dereference and crash the server, degrading performance (DoS). Connected advisories indicate patches across distributions (e.g., Debian security update ...
CVE-2024-27316
CVE-2024-27316 affects the mod_http2 component used with Apache httpd; the issue occurs when HTTP/2 headers exceed the configured limit, causing nghttp2 to buffer headers and potentially leading to memory exhaustion if the client continues sending headers. Connected sources identify affected pack...
CVE-2025-1861
CVE-2025-1861 affects PHP across multiple branches (8.1.x up to 8.1.32, 8.2.x up to 8.2.28, 8.3.x up to 8.3.19, 8.4.x up to 8.4.5). Root cause: the HTTP redirect location is truncated due to a 1024-byte location buffer during redirect handling. Impact: redirects may resolve to an incorrect URL, p...
CVE-2025-1736
CVE-2025-1736 affects PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. The issue is caused by insufficient validation of end-of-line characters in user-supplied headers, which may prevent certain headers from being sent or cause headers to be misinterpret...
CVE-2024-38473
The CVE-2024-38473 issue affects Apache HTTP Server (mod_proxy) in versions up to 2.4.59, where improper/encoded request URL handling can allow requests to reach backends and potentially bypass authentication. Public references and advisories state the vulnerability arises from encoding problems ...
CVE-2024-39573
The CVE-2024-39573 entry corresponds to Apache HTTP Server mod_rewrite/mod_proxy SSRF-related risk and is confirmed by connected sources reporting the issue in Apache httpd 2.4.59 and earlier, with a fix in 2.4.60 (and later 2.4.61 in later advisories). Root cause: unsafe RewriteRules/Substitutio...
CVE-2024-38472
CVE-2024-38472 : Apache HTTP Server on Windows is vulnerable to server-side request forgery (SSRF) that could leak NTLM hashes to a malicious server via crafted requests, due to improper validation of Windows UNC/UNC paths. The issue is addressed by upgrading to Apache HTTP Server 2.4.60 (as note...
CVE-2025-1734
CVE-2025-1734 affects PHP’s HTTP stream wrapper header parsing: headers missing a colon are treated as valid, potentially letting applications accept invalid headers. Affected branches include PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. Mitigations/u...
CVE-2023-4408
The CVE-2023-4408 issue is a vulnerability in the DNS message parsing of BIND's named where the parsing path has an overly high computational complexity. A crafted large or malformed DNS message can cause high CPU usage on affected BIND 9 releases, potentially impacting both authoritative servers...
CVE-2024-11053
CVE-2024-11053 affects curl. When both a .netrc credential file and HTTP redirects are used, curl could leak the password for the initial host to the redirected host if the netrc entry matches the redirect target and omits login/password. The issue is triggered under specific netrc/redirect condi...
CVE-2024-2004
CVE-2024-2004 affects curl/libcurl: a logic error in protocol selection fails to remove all explicitly disabled protocols, leaving the default protocol set active. This could allow using a disabled protocol in certain requests (e.g., curl --proto -all,-http). Concrete details appear across multip...
CVE-2024-8932
CVE-2024-8932 affects PHP 8.1.x up to 8.1.31, PHP 8.2.x up to 8.2.26, and PHP 8.3.x up to 8.3.14. The issue arises from unchecked, very long inputs to ldap_escape() on 32‑bit systems, causing an integer overflow and an out‑of‑bounds write. Impact is information disclosure/DoS potential as describ...
CVE-2025-0167
The CVE-2025-0167 issue affects curl (libcurl) and arises when both using a .netrc for credentials and following HTTP redirects. The root cause, as described across connected documents, is that the netrc entry can omit login and password (or a default entry omits both), which may allow the passwo...
CVE-2024-56171
CVE-2024-56171 affects libxml2 up to 2.12.9 and 2.13.x up to 2.13.5. It is a use-after-free in the functions xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables (in xmlschemas.c). To exploit, a crafted XML document must be validated against an XML schema with certain identity constraints,...
CVE-2025-24928
CVE-2025-24928 affects libxml2 (versions before 2.12.10 and 2.13.x before 2.13.6) with a stack-based buffer overflow in xmlSnprintfElements (valid.c) that requires DTD validation for exploitation. Remediation per connected docs: upgrade libxml2 to 2.12.10+ or 2.13.6+ (e.g., via libxml2 update) an...
CVE-2023-27536
CVE-2023-27536 affects libcurl
CVE-2023-27317
CVE-2023-27317 affects NetApp ONTAP 9.12.1P8, 9.13.1P4 and 9.13.1P5. The issue causes SAS-attached FIPS 140-2 drives to become unlocked after a reboot/power cycle or after reinsertion, enabling potential disclosure of sensitive information to an attacker with physical access. The documents do not...
CVE-2026-22050
CVE-2026-22050 affects NetApp ONTAP 9.16.1 (before 9.16.1P9) and 9.17.1 (before 9.17.1P2) when snapshot locking is enabled. A privileged remote attacker could set the snapshot expiry time to none. This is supported by multiple connected documents (ONTAP advisory NTAP-20260112-0001 and Nessus/PT-S...
CVE-2026-22052
ONTAP 9.12.1+ with S3 NAS buckets is vulnerable to information disclosure. An authenticated attacker could view directory listings they lack permission for. Base CVSS 4.0/5.3 MEDIUM severity (PR:L, UI:N, VC:L). See NTAP advisory NTAP-20260304-0001 for details; exploitation status is not provided ...