Vulnerabilities > Oracle > ZFS Storage Appliance KIT > 8.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-21 | CVE-2020-26422 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | 5.0 |
| 2020-12-11 | CVE-2020-26421 | Out-of-bounds Read vulnerability in multiple products Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 5.3 |
| 2020-12-11 | CVE-2020-26420 | Memory Leak vulnerability in multiple products Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 5.3 |
| 2020-12-11 | CVE-2020-26419 | Memory Leak vulnerability in multiple products Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. | 5.3 |
| 2020-12-11 | CVE-2020-26418 | Memory Leak vulnerability in multiple products Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 5.3 |
| 2020-12-09 | CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | 7.5 |
| 2020-12-03 | CVE-2020-27783 | Cross-site Scripting vulnerability in multiple products A XSS vulnerability was discovered in python-lxml's clean module. | 6.1 |
| 2020-10-06 | CVE-2020-25866 | NULL Pointer Dereference vulnerability in multiple products In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. | 7.5 |
| 2020-09-30 | CVE-2020-26137 | Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.5 |
| 2020-09-27 | CVE-2020-26116 | Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 7.2 |