Zfs_storage_appliance_kit - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Zfs_storage_appliance_kit
(Oracle)

Repositories	https://github.com/apache/httpd
#Vulnerabilities	108

Date	Id	Summary	Products	Score	Patch	Annotated
2022-02-16	CVE-2022-25235	xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.	Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server	9.8
2022-02-16	CVE-2022-25236	xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.	Debian_linux, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server	9.8
2022-02-18	CVE-2022-25314	In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.	Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server	7.5
2022-02-18	CVE-2022-25315	In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.	Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server	9.8
2022-02-26	CVE-2022-23308	valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.	Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, Bootstrap_os, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_unified_data_repository, Mysql_workbench, Zfs_storage_appliance_kit, Libxml2	7.5
2020-08-07	CVE-2020-11993	Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.	Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit	7.5
2021-08-16	CVE-2021-33193	A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.	Http_server, Debian_linux, Fedora, Secure_backup, Zfs_storage_appliance_kit, Tenable\.sc	7.5
2021-09-16	CVE-2021-36160	A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).	Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit	7.5