Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_manager_ops_center
(Oracle)| Repositories |
• https://github.com/apache/httpd
• https://github.com/jquery/jquery |
| #Vulnerabilities | 109 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-07 | CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 9.8 | ||
| 2020-08-07 | CVE-2020-11993 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-08-07 | CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | Http_server, Apache_http_server | 7.5 | ||
| 2020-09-04 | CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Inventory_collect_tool, Manageability_software_development_kit, Snapdrive, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Http_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2 | 6.5 | ||
| 2021-01-19 | CVE-2021-3177 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_offline_mediation_controller, Communications_pricing_design_center, Enterprise_manager_ops_center, Zfs_storage_appliance_kit, Python | 9.8 | ||
| 2021-02-15 | CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can... | Debian_linux, Django, Fedora, Cloud_backup, Inventory_collect_tool, Ontap_select_deploy_administration_utility, Snapcenter, Communications_offline_mediation_controller, Communications_pricing_design_center, Enterprise_manager_ops_center, Zfs_storage_appliance, Python | 5.9 | ||
| 2021-05-14 | CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Snapdrive, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Openjdk, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Enterprise_linux, Jboss_core_services, Libxml2 | 5.9 | ||
| 2021-05-18 | CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Snapdrive, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Enterprise_linux, Jboss_core_services, Libxml2 | 8.8 | ||
| 2021-05-28 | CVE-2021-29505 | XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17. | Debian_linux, Fedora, Snapmanager, Banking_cash_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Business_activity_monitoring, Communications_brm_\-_elastic_charging_engine, Communications_unified_inventory_management, Enterprise_manager_ops_center, Retail_xstore_point_of_service, Webcenter_portal, Webcenter_sites, Xstream | 8.8 | ||
| 2021-06-10 | CVE-2020-13950 | Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 7.5 |