Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zfs_storage_appliance_kit
(Oracle)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-01 | CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. | Debian_linux, Fedora, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Ontap_select_deploy_administration_utility, Zfs_storage_appliance_kit, Enterprise_linux, Jboss_core_services, Xmllint | 7.8 | ||
| 2021-06-02 | CVE-2021-3520 | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | Lz4, Active_iq_unified_manager, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_policy, Zfs_storage_appliance_kit, Universal_forwarder | 9.8 | ||
| 2021-06-07 | CVE-2021-22222 | Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file | Debian_linux, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2021-06-10 | CVE-2020-13950 | Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 7.5 | ||
| 2021-06-10 | CVE-2020-35452 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 7.3 | ||
| 2021-06-10 | CVE-2021-26690 | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 7.5 | ||
| 2021-06-10 | CVE-2021-26691 | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | Http_server, Debian_linux, Fedora, Cloud_backup, Enterprise_manager_ops_center, Instantis_enterprisetrack, Secure_backup, Zfs_storage_appliance_kit | 9.8 | ||
| 2021-06-10 | CVE-2021-30641 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 5.3 | ||
| 2021-06-15 | CVE-2021-31618 | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This... | Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 7.5 | ||
| 2021-06-29 | CVE-2021-33503 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. | Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit, Urllib3 | 7.5 |