Vulnerabilities > Oracle > ZFS Storage Appliance KIT > 8.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-20 | CVE-2021-3426 | Path Traversal vulnerability in multiple products There's a flaw in Python 3's pydoc. | 5.7 |
2021-05-19 | CVE-2021-3517 | Out-of-bounds Write vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. | 8.6 |
2021-05-06 | CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. | 9.8 |
2021-04-23 | CVE-2021-22207 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | 6.5 |
2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
2021-03-23 | CVE-2021-20227 | Use After Free vulnerability in multiple products A flaw was found in SQLite's SELECT query functionality (src/select.c). | 5.5 |
2021-03-21 | CVE-2021-28957 | Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. | 6.1 |
2021-02-16 | CVE-2021-23841 | NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 5.9 |
2021-02-16 | CVE-2021-23839 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products OpenSSL 1.0.2 supports SSLv2. | 3.7 |
2021-01-19 | CVE-2021-3177 | Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | 9.8 |