Zfs Storage Appliance Kit

zfs_storage_appliance_kit

Vendor: Oracle • 117 CVEs

CVEs (117)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-12243 8Apple BroadcomCanonical+5 more 18Brocade Fabric Operating System Cloud BackupDebian Linux+15 more Nov 21, 2024 Apr 28, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVE-2020-11656 5Netapp OracleSiemens+2 more 12Communications Messaging Server Communications Network Charging And ControlEnterprise Manager Ops Center+9 more Nov 21, 2024 Apr 9, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7Canonical DebianNetapp+4 more 18Communications Element Manager Communications Messaging ServerCommunications Network Charging And Control+15 more Nov 21, 2024 Apr 9, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-1927 8Apache BroadcomCanonical+5 more 14Brocade Fabric Operating System Communications Element ManagerCommunications Session Report Manager+11 more Nov 21, 2024 Apr 2, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request U...Show more In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.Show less
CVE-2020-1934 6Apache CanonicalDebian+3 more 11Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+8 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-10108 5Canonical DebianFedoraproject+2 more 6Debian Linux FedoraSolaris+3 more Nov 25, 2024 Mar 12, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the re...Show more In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.Show less
CVE-2020-9327 5Canonical NetappOracle+2 more 11Cloud Backup Communications Messaging ServerCommunications Network Charging And Control+8 more Nov 21, 2024 Feb 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2020-7044 4Fedoraproject OpensuseOracle+1 more 5Fedora LeapSolaris+2 more Nov 21, 2024 Jan 16, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
CVE-2019-14822 4Canonical Ibus ProjectOracle+1 more 4Enterprise Linux IbusUbuntu Linux+1 more Nov 21, 2024 Nov 25, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attac...Show more A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.Show less
CVE-2019-11135 9Canonical DebianFedoraproject+6 more 160Apollo 2000 Firmware Apollo 4200 FirmwareCeleron 5305u Firmware+157 more May 28, 2026 Nov 14, 2019 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-10219 3Netapp OracleRedhat 188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 more Jul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less
CVE-2019-16056 7Canonical DebianFedoraproject+4 more 10Communications Operations Monitor Debian LinuxFedora+7 more Nov 21, 2024 Sep 6, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that u...Show more An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.Show less
CVE-2019-13565 7Apple CanonicalDebian+4 more 9Blockchain Platform Debian LinuxLeap+6 more Nov 21, 2024 Jul 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would o...Show more An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.Show less
CVE-2019-13057 7Apple CanonicalDebian+4 more 9Blockchain Platform Debian LinuxLeap+6 more Nov 21, 2024 Jul 26, 2019 N/A· v4 4.9 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant de...Show more An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)Show less
CVE-2019-13038 4Canonical FedoraprojectMod Auth Mellon Project+1 more 4Fedora Mod Auth MellonUbuntu Linux+1 more Nov 21, 2024 Jun 29, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
CVE-2019-12387 4Canonical FedoraprojectOracle+1 more 5Fedora SolarisTwisted+2 more Nov 25, 2024 Jun 10, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVE-2018-20781 3Canonical GnomeOracle 3Gnome Keyring Ubuntu LinuxZfs Storage Appliance Kit Nov 21, 2024 Feb 12, 2019 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

Previous 1 2 3 4 56