Vulnerabilities > Oracle > ZFS Storage Appliance KIT > 8.8

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-20	CVE-2021-3426	Path Traversal vulnerability in multiple products There's a flaw in Python 3's pydoc. low complexity python fedoraproject debian redhat netapp oracle CWE-22	5.7
2021-05-19	CVE-2021-3517	Out-of-bounds Write vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. network low complexity xmlsoft redhat fedoraproject debian netapp oracle CWE-787	8.6
2021-05-06	CVE-2021-29921	In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. network low complexity python oracle critical	9.8
2021-04-23	CVE-2021-22207	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject oracle debian CWE-770	6.5
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-03-23	CVE-2021-20227	Use After Free vulnerability in multiple products A flaw was found in SQLite's SELECT query functionality (src/select.c). local low complexity sqlite oracle CWE-416	5.5
2021-03-21	CVE-2021-28957	Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. network low complexity lxml debian fedoraproject netapp oracle CWE-79	6.1
2021-02-16	CVE-2021-23841	NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. network high complexity openssl debian tenable apple netapp oracle siemens CWE-476	5.9
2021-02-16	CVE-2021-23839	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products OpenSSL 1.0.2 supports SSLv2. network high complexity openssl oracle siemens CWE-327	3.7
2021-01-19	CVE-2021-3177	Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. network low complexity python fedoraproject netapp debian oracle CWE-120 critical	9.8