|
2021-10-05
|
CVE-2021-41773
|
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in...
|
Http_server, Fedora, Cloud_backup, Instantis_enterprisetrack
|
7.5
|
|
|
|
2021-10-07
|
CVE-2021-42013
|
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache...
|
Http_server, Fedora, Cloud_backup, Instantis_enterprisetrack, Jd_edwards_enterpriseone_tools, Secure_backup
|
9.8
|
|
|
|
2019-10-11
|
CVE-2019-2215
|
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
|
Ubuntu_linux, Debian_linux, Android, Alp\-Al00b_firmware, Alp\-Tl00b_firmware, Anne\-Al00_firmware, Ares\-Al00b_firmware, Ares\-Al10d_firmware, Ares\-Tl00chw_firmware, Barca\-Al00_firmware, Berkeley\-L09_firmware, Berkeley\-Tl10_firmware, Bla\-Al00b_firmware, Bla\-L29c_firmware, Bla\-Tl00b_firmware, Columbia\-Al00a_firmware, Columbia\-L29d_firmware, Cornell\-Tl10b_firmware, Duke\-L09i_firmware, Dura\-Al00a_firmware, Figo\-Al00a_firmware, Florida\-Al20b_firmware, Florida\-L03_firmware, Florida\-L21_firmware, Florida\-L22_firmware, Florida\-Tl10b_firmware, Honor_9i_firmware, Honor_view_20_firmware, Jakarta\-Al00a_firmware, Johnson\-Tl00d_firmware, Leland\-Al10b_firmware, Leland\-L21a_firmware, Leland\-L32a_firmware, Leland\-Tl10b_firmware, Leland\-Tl10c_firmware, Lelandp\-Al00c_firmware, Lelandp\-L22c_firmware, Mate_rs_firmware, Neo\-Al00d_firmware, Nova_2s_firmware, Nova_3_firmware, Nova_3e_firmware, P20_firmware, P20_lite_firmware, Princeton\-Al10b_firmware, Rhone\-Al00_firmware, Stanford\-L09_firmware, Stanford\-L09s_firmware, Sydney\-Al00_firmware, Sydney\-Tl00_firmware, Sydneym\-Al00_firmware, Tony\-Al00b_firmware, Tony\-Tl00b_firmware, Y9_2019_firmware, Yale\-Al00a_firmware, Yale\-L21a_firmware, Yale\-Tl00b_firmware, A220_firmware, A320_firmware, A800_firmware, Aff_baseboard_management_controller_firmware, C190_firmware, Cloud_backup, Data_availability_services, Fas2720_firmware, Fas2750_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610s_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage
|
7.8
|
|
|
|
2016-11-10
|
CVE-2016-5195
|
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
|
Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Cloud_backup, Hci_storage_nodes, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager_for_clustered_data_ontap, Ontap_select_deploy_administration_utility, Snapprotect, Solidfire, Pan\-Os, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_long_life, Enterprise_linux_tus
|
7.0
|
|
|
|
2021-09-16
|
CVE-2021-40438
|
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
|
Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, F5os, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Secure_global_desktop, Zfs_storage_appliance_kit, Ruggedcom_nms, Sinec_nms, Sinema_remote_connect_server, Sinema_server, Tenable\.sc
|
9.0
|
|
|
|
2021-01-26
|
CVE-2021-3156
|
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
|
Privilege_management_for_mac, Privilege_management_for_unix\/linux, Debian_linux, Fedora, Web_gateway, Active_iq_unified_manager, Cloud_backup, Hci_management_node, Oncommand_unified_manager_core_package, Ontap_select_deploy_administration_utility, Ontap_tools, Solidfire, Communications_performance_intelligence_center, Micros_compact_workstation_3_firmware, Micros_es400_firmware, Micros_kitchen_display_system_firmware, Micros_workstation_5a_firmware, Micros_workstation_6_firmware, Tekelec_platform_distribution, Sudo, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware
|
7.8
|
|
|
|
2021-01-06
|
CVE-2020-36184
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
|
Debian_linux, Jackson\-Databind, Cloud_backup, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_diameter_signaling_route, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Data_integrator, Documaker, Goldengate_application_adapters, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal
|
8.1
|
|
|
|
2021-01-07
|
CVE-2020-36179
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
|
Debian_linux, Jackson\-Databind, Cloud_backup, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_diameter_signaling_route, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Data_integrator, Goldengate_application_adapters, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal
|
8.1
|
|
|
|
2021-01-07
|
CVE-2020-36180
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
|
Debian_linux, Jackson\-Databind, Cloud_backup, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_diameter_signaling_route, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Data_integrator, Documaker, Goldengate_application_adapters, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal
|
8.1
|
|
|
|
2021-01-07
|
CVE-2020-36182
|
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
|
Debian_linux, Jackson\-Databind, Cloud_backup, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_diameter_signaling_route, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Data_integrator, Documaker, Goldengate_application_adapters, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal
|
8.1
|
|
|