Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zfs_storage_appliance_kit
(Oracle)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-27 | CVE-2020-13632 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | Fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite | 5.5 | ||
| 2020-06-03 | CVE-2020-13254 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | Ubuntu_linux, Debian_linux, Django, Fedora, Sra_plugin, Steelstore_cloud_integrated_storage, Zfs_storage_appliance_kit | 5.9 | ||
| 2020-06-03 | CVE-2020-13596 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | Ubuntu_linux, Debian_linux, Django, Fedora, Sra_plugin, Steelstore_cloud_integrated_storage, Zfs_storage_appliance_kit | 6.1 | ||
| 2020-06-06 | CVE-2020-13871 | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | Debian_linux, Fedora, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite | 7.5 | ||
| 2020-06-24 | CVE-2020-15025 | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | 8300_firmware, 8700_firmware, A400_firmware, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Steelstore_cloud_integrated_storage, Ntp, Leap, Zfs_storage_appliance_kit | 4.9 | ||
| 2020-08-07 | CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | Http_server, Apache_http_server | 7.5 | ||
| 2020-08-13 | CVE-2020-17498 | In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | Fedora, Leap, Zfs_storage_appliance_kit, Wireshark | 6.5 | ||
| 2020-08-17 | CVE-2020-1472 | An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft... | Ubuntu_linux, Debian_linux, Fedora, Windows_server_1903, Windows_server_1909, Windows_server_2004, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_20h2, Leap, Zfs_storage_appliance_kit, Samba, Directory_server | N/A | ||
| 2020-09-01 | CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | Ubuntu_linux, Django, Fedora, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-09-01 | CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | Ubuntu_linux, Django, Fedora, Zfs_storage_appliance_kit | 7.5 |