Note: This project will be discontinued after December 13, 2021.

Product: Software_collections (Redhat)

Repositories | https://github.com/apache/httpd |
#Vulnerabilities | 133 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-08-07 | CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | Http_server, Apache_http_server | 7.5 | ||
2020-12-03 | CVE-2020-27783 | A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | Debian_linux, Fedora, Lxml, Snapcenter, Communications_offline_mediation_controller, Zfs_storage_appliance_kit, Enterprise_linux, Software_collections | 6.1 | ||
2021-05-20 | CVE-2021-3426 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | Debian_linux, Fedora, Cloud_backup, Ontap_select_deploy_administration_utility, Snapcenter, Communications_cloud_native_core_binding_support_function, Zfs_storage_appliance_kit, Python, Enterprise_linux, Software_collections | 5.7 | ||
2021-06-01 | CVE-2021-32027 | A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Postgresql, Enterprise_linux, Jboss_enterprise_application_platform, Software_collections | 8.8 | ||
2021-10-04 | CVE-2021-32672 | Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. | Debian_linux, Fedora, Management_services_for_element_software, Management_services_for_netapp_hci, Communications_operations_monitor, Enterprise_linux, Software_collections, Redis | 4.3 | ||
2022-03-02 | CVE-2022-0711 | A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | Debian_linux, Haproxy, Enterprise_linux, Openshift_container_platform, Software_collections | 7.5 | ||
2022-03-04 | CVE-2021-23214 | When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | Fedora, Postgresql, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Software_collections | 8.1 | ||
2023-06-09 | CVE-2023-2454 | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | Fedora, Postgresql, Enterprise_linux, Software_collections | 7.2 | ||
2023-06-09 | CVE-2023-2455 | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads... | Fedora, Postgresql, Enterprise_linux, Software_collections | 5.4 | ||
2022-08-24 | CVE-2021-4189 | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | Debian_linux, Ontap_select_deploy_administration_utility, Python, Enterprise_linux, Software_collections | 5.3 | ||