Oracle

Zfs Storage Appliance Kit

108 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-26691

  • EPSS 42.56%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:56:41

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

5.3

CVE-2021-30641

  • EPSS 24.56%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 06:04:21

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

7.5

CVE-2021-22222

  • EPSS 0.4%
  • Veröffentlicht 07.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:44

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

9.8

CVE-2021-3520

  • EPSS 0.13%
  • Veröffentlicht 02.06.2021 13:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. Th...

7.8

CVE-2021-3516

Exploit
  • EPSS 0.36%
  • Veröffentlicht 01.06.2021 14:15:10
  • Zuletzt bearbeitet 21.11.2024 06:21:43

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availabi...

5.7

CVE-2021-3426

  • EPSS 0.08%
  • Veröffentlicht 20.05.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:28

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other u...

8.6

CVE-2021-3517

  • EPSS 0.09%
  • Veröffentlicht 19.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

9.8

CVE-2021-29921

Exploit
  • EPSS 1.79%
  • Veröffentlicht 06.05.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 06:01:59

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

6.5

CVE-2021-22207

Exploit
  • EPSS 0.47%
  • Veröffentlicht 23.04.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:42

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...