Vulnerabilities > Oracle > ZFS Storage Appliance KIT > 8.8

DATE CVE VULNERABILITY TITLE RISK
2021-12-30 CVE-2021-4181 Out-of-bounds Read vulnerability in multiple products
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian oracle CWE-125
7.5
7.5
2021-12-30 CVE-2021-4182 Infinite Loop vulnerability in multiple products
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject oracle CWE-835
7.5
7.5
2021-12-30 CVE-2021-4183 Out-of-bounds Read vulnerability in multiple products
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
local
low complexity
wireshark fedoraproject oracle CWE-125
5.5
5.5
2021-12-30 CVE-2021-4184 Infinite Loop vulnerability in multiple products
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
7.5
2021-12-30 CVE-2021-4185 Infinite Loop vulnerability in multiple products
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
7.5
2021-12-20 CVE-2021-44790 Out-of-bounds Write vulnerability in multiple products
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple CWE-787
critical
 9.8
9.8
2021-12-13 CVE-2021-43818 Injection vulnerability in multiple products
lxml is a library for processing XML and HTML in the Python language.
network
low complexity
lxml fedoraproject debian netapp oracle CWE-74
7.1
7.1
2021-12-07 CVE-2021-42717 Uncontrolled Recursion vulnerability in multiple products
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects.
network
low complexity
trustwave f5 debian oracle CWE-674
5.0
5.0
2021-10-27 CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
network
low complexity
isc debian fedoraproject netapp siemens oracle
5.3
5.3
2021-09-26 CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. 7.0
7.0