Oracle

Zfs Storage Appliance Kit

117 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-27783

Exploit
  • EPSS 1.14%
  • Veröffentlicht 03.12.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:49

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbit...

7.5

CVE-2020-25866

Exploit
  • EPSS 0.97%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:56

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasona...

6.5

CVE-2020-26137

  • EPSS 0.24%
  • Veröffentlicht 30.09.2020 18:15:26
  • Zuletzt bearbeitet 21.11.2024 05:19:19

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

7.2

CVE-2020-26116

Exploit
  • EPSS 0.53%
  • Veröffentlicht 27.09.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:19:16

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ar...

7.5

CVE-2020-24583

  • EPSS 3.43%
  • Veröffentlicht 01.09.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:03

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading file...

7.5

CVE-2020-24584

  • EPSS 3.29%
  • Veröffentlicht 01.09.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:03

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

9.3

CVE-2020-1472

Warnung Exploit
  • EPSS 94.38%
  • Veröffentlicht 17.08.2020 19:15:15
  • Zuletzt bearbeitet 29.10.2025 13:54:15

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability...

6.5

CVE-2020-17498

Exploit
  • EPSS 0.23%
  • Veröffentlicht 13.08.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:08:13

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

7.5

CVE-2020-9490

  • EPSS 75.82%
  • Veröffentlicht 07.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...

9.8

CVE-2020-11984

Exploit
  • EPSS 75.35%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:02

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE