Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

CVE-2022-29404: security - CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

CVE
Open in Source
#vulnerability#web#mac#windows#linux#dos#apache#git#php#auth
CVE-2022-30556: security - CVE-2022-30556: Apache HTTP Server: Information Disclosure in mod_lua with websockets

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVE-2022-28614: security - CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.

CVE-2022-28330: security - CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

CVE-2022-2020: vul/Prison Management System(XSS).md at main · ch0ing/vul

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-24969

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

CVE-2022-31393: [Vuln] SSRF vulnerability in `index` Function of `PluginsController.php` File (2.2.5 version) · Issue #76 · Cherry-toto/jizhicms

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

Confluence OGNL Injection Remote Code Execution

Confluence suffers from a pre-authentication remote code execution vulnerability that is leveraged via OGNL injection. All 7.4.17 versions before 7.18.1 are affected.

Red Hat Security Advisory 2022-4919-01

Red Hat Security Advisory 2022-4919-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.