CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2

2017-07-13 Thread William A Rowe Jr
CVE-2017-9789: Read after free in mod_http2.c Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.26 Description: When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potenti

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

2017-07-13 Thread William A Rowe Jr
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest Severity: Important Vendor: The Apache Software Foundation Versions Affected: all versions through 2.2.33 and 2.4.26 Description: The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or rese

CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation

2017-07-13 Thread Maxim Solodovnik
Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.1.0 Description: Uploaded XML documents were not correctly validated CVE-2017-7664 The issue was fixed in 3.3.0 All users are recommended to upgrade to Apache OpenMeetings 3.3.0 Credit: This issue wa

CVE-2017-7663 - Apache OpenMeetings - XSS in chat

2017-07-13 Thread Maxim Solodovnik
Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.2.0 Description: Both global and Room chat are vulnerable to XSS attack CVE-2017-7663 The issue was fixed in 3.3.0 All users are recommended to upgrade to Apache OpenMeetings 3.3.0 Credit: This issue

CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload

2017-07-13 Thread Maxim Solodovnik
Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.0.0 Description: Apache OpenMeetings doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server CVE-2017-7684 The issue wa

CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update

2017-07-13 Thread Maxim Solodovnik
Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.0.0 Description: Apache OpenMeetings updates user password in an insecure manner. CVE-2017-7688 The issue was fixed in 3.3.0 All users are recommended to upgrade to Apache OpenMeetings 3.3.0 Credit: This