Vulnerabilities > Oracle > ZFS Storage Appliance KIT
| DATE | CVE | VULNERABILITY TITLE | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2021-10-27 | CVE-2021-25219 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. | network | low | isc, debian, fedoraproject, netapp, siemens, oracle | | 5.3 |
| 2021-09-26 | CVE-2021-41617 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. | local | high | openbsd, fedoraproject, netapp, oracle, starwindsoftware | | 7.0 |
| 2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products. Malformed requests may cause the server to dereference a NULL pointer. | network | low | apache, fedoraproject, debian, netapp, tenable, oracle, broadcom, siemens | CWE-476 | 7.5 |
| 2021-09-16 | CVE-2021-36160 | Out-of-bounds Read vulnerability in multiple products. A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). | network | low | apache, fedoraproject, debian, netapp, oracle, broadcom | CWE-125 | 7.5 |
| 2021-09-16 | CVE-2021-39275 | Out-of-bounds Write vulnerability in multiple products. ap_escape_quotes() may write beyond the end of a buffer when given malicious input. | network | low | apache, fedoraproject, debian, netapp, oracle, siemens | CWE-787 | critical 9.8 |
| 2021-09-16 | CVE-2021-40438 | Server-Side Request Forgery (SSRF) vulnerability in multiple products. A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. | network | high | apache, fedoraproject, debian, netapp, broadcom, f5, oracle, siemens, tenable | CWE-918 | critical 9.0 |
| 2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products. In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | network | low | openssl, debian, netapp, oracle, tenable | CWE-120 | critical 9.8 |
| 2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | network | high | openssl, debian, netapp, mcafee, tenable, oracle, siemens | CWE-125 | 7.4 |
| 2021-08-24 | CVE-2021-36690 | A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. | network | low | sqlite, oracle, apple | | 7.5 |
| 2021-08-16 | CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. | network | low | apache, fedoraproject, tenable, oracle | | 7.5 |