|
2019-04-08
|
CVE-2019-0217
|
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
|
Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Oncommand_unified_manager, Leap, Enterprise_manager_ops_center, Http_server, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation
|
7.5
|
|
|
|
2019-05-15
|
CVE-2019-8936
|
NTP through 4.2.8p12 has a NULL Pointer Dereference.
|
Fedora, Hpux\-Ntp, Clustered_data_ontap, Data_ontap, Ntp, Leap
|
7.5
|
|
|
|
2019-07-01
|
CVE-2019-13118
|
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
|
Icloud, Iphone_os, Itunes, Mac_os_x, Macos, Tvos, Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
|
5.3
|
|
|
|
2019-08-13
|
CVE-2019-9517
|
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
|
Http_server, Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Clustered_data_ontap, Node\.js, Leap, Communications_element_manager, Graalvm, Instantis_enterprisetrack, Retail_xstore_point_of_service, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware
|
7.5
|
|
|
|
2019-09-26
|
CVE-2019-10092
|
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
|
Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Enterprise_manager_ops_center, Secure_global_desktop, Software_collection
|
6.1
|
|
|
|
2019-12-24
|
CVE-2019-19956
|
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
|
Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage, Real_user_experience_insight, Sinema_remote_connect_server, Libxml2
|
7.5
|
|
|
|
2020-01-21
|
CVE-2020-7595
|
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
|
Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Symantec_netbackup, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Sinema_remote_connect_server, Libxml2
|
7.5
|
|
|
|
2020-08-07
|
CVE-2020-11984
|
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
|
Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit
|
9.8
|
|
|
|
2020-08-07
|
CVE-2020-11993
|
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
|
Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit
|
7.5
|
|
|
|
2020-09-04
|
CVE-2020-24977
|
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
|
Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Inventory_collect_tool, Manageability_software_development_kit, Snapdrive, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Http_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2
|
6.5
|
|
|