Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zfs_storage_appliance_kit
(Oracle)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-07 | CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | Http_server, Apache_http_server | 7.5 | ||
| 2020-08-13 | CVE-2020-17498 | In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | Fedora, Leap, Zfs_storage_appliance_kit, Wireshark | 6.5 | ||
| 2020-09-01 | CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | Ubuntu_linux, Django, Fedora, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-09-01 | CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | Ubuntu_linux, Django, Fedora, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-09-27 | CVE-2020-26116 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | Ubuntu_linux, Debian_linux, Fedora, Hci_compute_node, Hci_storage_node, Solidfire, Leap, Zfs_storage_appliance_kit, Python | 7.2 | ||
| 2020-09-30 | CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | Ubuntu_linux, Debian_linux, Communications_cloud_native_core_network_function_cloud_native_environment, Zfs_storage_appliance_kit, Urllib3 | 6.5 | ||
| 2020-10-06 | CVE-2020-25866 | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | Fedora, Leap, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2020-12-03 | CVE-2020-27783 | A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | Debian_linux, Fedora, Lxml, Snapcenter, Communications_offline_mediation_controller, Zfs_storage_appliance_kit, Enterprise_linux, Software_collections | 6.1 | ||
| 2020-12-09 | CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | Fedora, Zfs_storage_appliance_kit, Py | 7.5 | ||
| 2020-12-11 | CVE-2020-26418 | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | Debian_linux, Fedora, Zfs_storage_appliance_kit, Wireshark | 5.3 |