Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
uwsgi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-6758
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI up to and including 2.0.15 has a stack-based buffer overflow via a large directory length.
Unbit Uwsgi
7.5
CVSSv3
CVE-2023-27522
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 up to and including 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Apache Http Server
Debian Debian Linux 10.0
Unbit Uwsgi
7.5
CVSSv3
CVE-2018-7490
uWSGI prior to 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
Unbit Uwsgi
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
Apache Http Server
Netapp Clustered Data Ontap -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Leap 15.2
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
Oracle Communications Element Manager
Oracle Zfs Storage Appliance Kit 8.8
7 Github repositories
7.5
CVSSv3
CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off&quo...
Apache Http Server
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
Oracle Communications Element Manager
Oracle Zfs Storage Appliance Kit 8.8
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Redhat Software Collections 1.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
1 Github repository
1 Article
7.5
CVSSv3
CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "in...
Apache Http Server
Netapp Clustered Data Ontap -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
Oracle Communications Element Manager
Oracle Zfs Storage Appliance Kit 8.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started