Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Secure_global_desktop
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-18 | CVE-2014-0098 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. | Http_server, Ubuntu_linux, Http_server, Secure_global_desktop | N/A | ||
| 2014-07-20 | CVE-2014-0226 | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. | Http_server, Debian_linux, Enterprise_manager_ops_center, Http_server, Secure_global_desktop, Jboss_enterprise_application_platform | N/A | ||
| 2017-06-20 | CVE-2017-3167 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | Http_server, Mac_os_x, Debian_linux, Clustered_data_ontap, Oncommand_unified_manager, Storagegrid, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services | 9.8 | ||
| 2017-06-20 | CVE-2017-7668 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. | Http_server, Mac_os_x, Debian_linux, Clustered_data_ontap, Oncommand_unified_manager, Storagegrid, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2017-07-13 | CVE-2017-9788 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | Http_server, Mac_os_x, Debian_linux, Oncommand_unified_manager, Storage_automation_store, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services, Jboss_enterprise_application_platform, Jboss_enterprise_web_server | 9.1 | ||
| 2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | Http_server, Ubuntu_linux, Storage_automation_store, Enterprise_manager_ops_center, Hospitality_guest_access, Instantis_enterprisetrack, Retail_xstore_point_of_service, Secure_global_desktop, Enterprise_linux | 5.9 | ||
| 2018-10-29 | CVE-2018-0735 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | Ubuntu_linux, Debian_linux, Cloud_backup, Cn1610_firmware, Element_software, Oncommand_unified_manager, Santricity_smi\-S_provider, Smi\-S_provider, Snapdrive, Steelstore, Node\.js, Openssl, Api_gateway, Application_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql, Peoplesoft_enterprise_peopletools, Primavera_p6_enterprise_project_portfolio_management, Secure_global_desktop, Tuxedo, Vm_virtualbox | 5.9 | ||
| 2019-02-06 | CVE-2018-16890 | libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Libcurl, Clustered_data_ontap, Communications_operations_monitor, Http_server, Secure_global_desktop, Enterprise_linux, Sinema_remote_connect_client | 7.5 | ||
| 2019-02-06 | CVE-2019-3822 | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow... | Ubuntu_linux, Debian_linux, Libcurl, Active_iq_unified_manager, Clustered_data_ontap, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Communications_operations_monitor, Enterprise_manager_ops_center, Http_server, Mysql_server, Secure_global_desktop, Services_tools_bundle, Enterprise_linux, Sinema_remote_connect_client | 9.8 | ||
| 2019-02-06 | CVE-2019-3823 | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. | Ubuntu_linux, Debian_linux, Libcurl, Clustered_data_ontap, Communications_operations_monitor, Http_server, Secure_global_desktop | 7.5 |