CVE-2020-13938
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
Source: CVE-2020-13938
[월:] 2021년 06월
CVE-2019-17567
CVE-2019-17567
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
Source: CVE-2019-17567
CVE-2021-26690
CVE-2021-26690
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
Source: CVE-2021-26690
CVE-2020-35452
CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
Source: CVE-2020-35452
CVE-2020-13950
CVE-2020-13950
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Source: CVE-2020-13950
CVE-2021-30641
CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with ‘MergeSlashes OFF’
Source: CVE-2021-30641
CVE-2021-3588
CVE-2021-3588
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the ‘offset’ variable before using it as an index into an array for reading.
Source: CVE-2021-3588
CVE-2021-33393
CVE-2021-33393
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.
Source: CVE-2021-33393
CVE-2021-0129
CVE-2021-0129
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
Source: CVE-2021-0129
CVE-2020-24474
CVE-2020-24474
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
Source: CVE-2020-24474