Vulnerabilities > Oracle > ZFS Storage Appliance KIT

DATE CVE VULNERABILITY TITLE RISK
2020-05-27 CVE-2020-13630 Use After Free vulnerability in multiple products
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
7.0
2020-04-28 CVE-2020-12243 Uncontrolled Recursion vulnerability in multiple products
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
7.5
2020-04-09 CVE-2020-11656 Use After Free vulnerability in multiple products
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
network
low complexity
sqlite netapp oracle siemens tenable CWE-416
critical
9.8
2020-04-09 CVE-2020-11655 Improper Initialization vulnerability in multiple products
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
7.5
2020-04-02 CVE-2020-1927 Open Redirect vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
6.1
2020-04-01 CVE-2020-1934 Use of Uninitialized Resource vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3
2020-03-12 CVE-2020-10108 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twisted fedoraproject debian canonical oracle CWE-444
critical
9.8
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
7.5
2020-01-16 CVE-2020-7044 Off-by-one Error vulnerability in multiple products
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-193
7.5
2019-11-25 CVE-2019-14822 Missing Authorization vulnerability in multiple products
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup.
local
low complexity
ibus-project redhat canonical oracle CWE-862
7.1