Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zfs_storage_appliance_kit
(Oracle)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-13 | CVE-2019-20907 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, Leap, Zfs_storage_appliance_kit, Python | 7.5 | ||
| 2020-08-07 | CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 9.8 | ||
| 2020-08-07 | CVE-2020-11993 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-06-25 | CVE-2019-20892 | net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. | Net\-Snmp, Zfs_storage_appliance_kit | 6.5 | ||
| 2019-07-26 | CVE-2019-13057 | An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB... | Mac_os_x, Ubuntu_linux, Debian_linux, Policy_auditor, Openldap, Leap, Blockchain_platform, Solaris, Zfs_storage_appliance_kit | 4.9 | ||
| 2019-11-25 | CVE-2019-14822 | A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. | Ubuntu_linux, Ibus, Zfs_storage_appliance_kit, Enterprise_linux | 7.1 | ||
| 2020-04-28 | CVE-2020-12243 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | Mac_os_x, Brocade_fabric_operating_system, Ubuntu_linux, Debian_linux, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Steelstore_cloud_integrated_storage, Openldap, Leap, Solaris, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-04-09 | CVE-2020-11655 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | Ubuntu_linux, Debian_linux, Ontap_select_deploy_administration_utility, Communications_element_manager, Communications_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc | 7.5 | ||
| 2020-04-09 | CVE-2020-11656 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc | 9.8 | ||
| 2019-02-12 | CVE-2018-20781 | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | Ubuntu_linux, Gnome_keyring, Zfs_storage_appliance_kit | 7.8 |