Vulnerabilities > Oracle > ZFS Storage Appliance KIT

DATE CVE VULNERABILITY TITLE RISK
2021-06-10 CVE-2021-26690 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
2021-06-10 CVE-2021-26691 Out-of-bounds Write vulnerability in multiple products
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
network
low complexity
apache debian fedoraproject oracle netapp CWE-787
critical
9.8
2021-06-10 CVE-2021-30641 Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
network
low complexity
apache debian fedoraproject oracle
5.3
2021-06-07 CVE-2021-22222 Infinite Loop vulnerability in multiple products
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark oracle debian CWE-835
7.5
2021-06-02 CVE-2021-3520 There's a flaw in lz4.
network
low complexity
lz4-project netapp oracle splunk
critical
9.8
2021-06-01 CVE-2021-3516 Use After Free vulnerability in multiple products
There's a flaw in libxml2's xmllint in versions before 2.9.11.
7.8
2021-05-20 CVE-2021-3426 Path Traversal vulnerability in multiple products
There's a flaw in Python 3's pydoc.
5.7
2021-05-19 CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
network
low complexity
xmlsoft redhat fedoraproject debian netapp oracle
8.6
2021-05-06 CVE-2021-29921 In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string.
network
low complexity
python oracle
critical
9.8
2021-04-23 CVE-2021-22207 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject oracle debian CWE-770
6.5