Vulnerabilities > Oracle > ZFS Storage Appliance KIT
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2021-3520 | Integer Overflow or Wraparound vulnerability in multiple products There's a flaw in lz4. | 9.8 |
| 2021-06-01 | CVE-2021-3516 | Use After Free vulnerability in multiple products There's a flaw in libxml2's xmllint in versions before 2.9.11. | 7.8 |
| 2021-05-20 | CVE-2021-3426 | Path Traversal vulnerability in multiple products There's a flaw in Python 3's pydoc. | 5.7 |
| 2021-05-19 | CVE-2021-3517 | Out-of-bounds Write vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. | 8.6 |
| 2021-05-06 | CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. | 9.8 |
| 2021-04-23 | CVE-2021-22207 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | 6.5 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2021-03-23 | CVE-2021-20227 | Use After Free vulnerability in multiple products A flaw was found in SQLite's SELECT query functionality (src/select.c). | 5.5 |
| 2021-03-21 | CVE-2021-28957 | Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. | 6.1 |
| 2021-02-16 | CVE-2021-23841 | NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 5.9 |