Vulnerabilities > Oracle > ZFS Storage Appliance KIT

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
9.8
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-08-24 CVE-2021-36690 A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query.
network
low complexity
sqlite oracle apple
7.5
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache fedoraproject tenable oracle
7.5
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
6.5
2021-06-29 CVE-2021-33503 Resource Exhaustion vulnerability in multiple products
An issue was discovered in urllib3 before 1.26.5.
network
low complexity
python fedoraproject oracle CWE-400
7.5
2021-06-15 CVE-2021-31618 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well.
network
low complexity
apache fedoraproject debian oracle CWE-476
7.5
2021-06-10 CVE-2019-17567 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
network
low complexity
apache fedoraproject oracle CWE-444
5.3
2021-06-10 CVE-2020-13950 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
2021-06-10 CVE-2020-35452 Out-of-bounds Write vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest.
network
low complexity
apache debian fedoraproject oracle CWE-787
7.3