Vulnerabilities > Oracle > ZFS Storage Appliance KIT

DATE CVE VULNERABILITY TITLE RISK
2020-12-11 CVE-2020-26418 Memory Leak vulnerability in multiple products
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-401
5.3
2020-12-09 CVE-2020-29651 A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
network
low complexity
pytest fedoraproject oracle
7.5
2020-12-03 CVE-2020-27783 A XSS vulnerability was discovered in python-lxml's clean module.
network
low complexity
lxml redhat debian fedoraproject netapp oracle
6.1
2020-10-06 CVE-2020-25866 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-476
7.5
2020-09-30 CVE-2020-26137 Injection vulnerability in multiple products
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest().
network
low complexity
python canonical debian oracle CWE-74
6.5
2020-09-27 CVE-2020-26116 Injection vulnerability in multiple products
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
7.2
2020-09-01 CVE-2020-24584 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used).
7.5
2020-09-01 CVE-2020-24583 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used).
7.5
2020-08-13 CVE-2020-17498 Double Free vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-415
6.5
2020-08-07 CVE-2020-9490 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43.
7.5