Zfs Storage Appliance Kit

zfs_storage_appliance_kit

Vendor: Oracle • 117 CVEs

CVEs (117)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27783 6Debian FedoraprojectLxml+3 more 8Communications Offline Mediation Controller Debian LinuxEnterprise Linux+5 more Dec 17, 2025 Dec 3, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could...Show more A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.Show less
CVE-2020-25866 4Fedoraproject OpensuseOracle+1 more 4Fedora LeapWireshark+1 more Nov 21, 2024 Oct 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/pac...Show more In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.Show less
CVE-2020-26137 4Canonical DebianOracle+1 more 5Communications Cloud Native Core Network Function Cloud Native Environment Debian LinuxUbuntu Linux+2 more Nov 21, 2024 Sep 30, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-...Show more urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.Show less
CVE-2020-26116 7Canonical DebianFedoraproject+4 more 8Debian Linux FedoraHci Storage Node+5 more Nov 21, 2024 Sep 27, 2020 N/A· v4 7.2 HIGH· v3 6.4 MEDIUM· v2 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF cont...Show more http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.Show less
CVE-2020-24584 4Canonical DjangoprojectFedoraproject+1 more 4Django FedoraUbuntu Linux+1 more Nov 21, 2024 Sep 1, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather t...Show more An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.Show less
CVE-2020-24583 4Canonical DjangoprojectFedoraproject+1 more 4Django FedoraUbuntu Linux+1 more Nov 21, 2024 Sep 1, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in...Show more An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.Show less
CVE-2020-1472 8Canonical DebianFedoraproject+5 more 15Debian Linux Directory ServerFedora+12 more Feb 23, 2026 Aug 17, 2020 N/A· v4 10.0 CRITICAL· v3 9.3 HIGH· v2 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successful...Show more An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.Show less
CVE-2020-17498 4Fedoraproject OpensuseOracle+1 more 4Fedora LeapWireshark+1 more Nov 21, 2024 Aug 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
CVE-2020-9490 7Apache CanonicalDebian+4 more 25Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+22 more Nov 21, 2024 Aug 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Confi...Show more Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.Show less
CVE-2020-11993 7Apache CanonicalDebian+4 more 13Clustered Data Ontap Communications Element ManagerCommunications Session Report Manager+10 more May 1, 2025 Aug 7, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory...Show more Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.Show less
CVE-2020-11984 7Apache CanonicalDebian+4 more 13Clustered Data Ontap Communications Element ManagerCommunications Session Report Manager+10 more Nov 21, 2024 Aug 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2019-20907 7Canonical DebianFedoraproject+4 more 8Active Iq Unified Manager Cloud Volumes Ontap MediatorDebian Linux+5 more Nov 21, 2024 Jul 13, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
CVE-2019-20892 2Net Snmp Oracle 2Net Snmp Zfs Storage Appliance Kit Nov 21, 2024 Jun 25, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, bu...Show more net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.Show less
CVE-2020-15025 4Netapp NtpOpensuse+1 more 168300 Firmware 8700 FirmwareA400 Firmware+13 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used...Show more ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.Show less
CVE-2020-13871 6Debian FedoraprojectNetapp+3 more 12Cloud Backup Communications Messaging ServerCommunications Network Charging And Control+9 more Nov 21, 2024 Jun 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-13596 6Canonical DebianDjangoproject+3 more 7Debian Linux DjangoFedora+4 more Nov 21, 2024 Jun 3, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2020-13254 6Canonical DebianDjangoproject+3 more 7Debian Linux DjangoFedora+4 more Nov 21, 2024 Jun 3, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential da...Show more An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.Show less
CVE-2020-13632 8Brocade CanonicalDebian+5 more 12Cloud Backup Communications Network Charging And ControlDebian Linux+9 more Nov 21, 2024 May 27, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2020-13631 8Apple BrocadeCanonical+5 more 18Cloud Backup Communications Network Charging And ControlFabric Operating System+15 more Nov 21, 2024 May 27, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13630 9Apple BrocadeCanonical+6 more 19Cloud Backup Communications Network Charging And ControlDebian Linux+16 more Nov 21, 2024 May 27, 2020 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Previous 1 2 3 456 Next