Vulnerabilities > Oracle > ZFS Storage Appliance KIT

DATE CVE VULNERABILITY TITLE RISK
2020-08-07 CVE-2020-11993 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
7.5
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
9.8
2020-07-13 CVE-2019-20907 Infinite Loop vulnerability in multiple products
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
7.5
2020-06-25 CVE-2019-20892 Double Free vulnerability in multiple products
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request.
network
low complexity
net-snmp oracle CWE-415
6.5
2020-06-24 CVE-2020-15025 Memory Leak vulnerability in multiple products
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
network
low complexity
ntp opensuse netapp oracle CWE-401
4.9
2020-06-06 CVE-2020-13871 Use After Free vulnerability in multiple products
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
7.5
2020-06-03 CVE-2020-13596 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
6.1
2020-06-03 CVE-2020-13254 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
5.9
2020-05-27 CVE-2020-13632 NULL Pointer Dereference vulnerability in multiple products
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
5.5
2020-05-27 CVE-2020-13631 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. 5.5