Vulnerabilities > Oracle > ZFS Storage Appliance KIT
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-27 | CVE-2020-13630 | Use After Free vulnerability in multiple products ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | 7.0 |
2020-04-28 | CVE-2020-12243 | Uncontrolled Recursion vulnerability in multiple products In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | 7.5 |
2020-04-09 | CVE-2020-11656 | Use After Free vulnerability in multiple products In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 9.8 |
2020-04-09 | CVE-2020-11655 | Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | 7.5 |
2020-04-02 | CVE-2020-1927 | Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | 6.1 |
2020-04-01 | CVE-2020-1934 | Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | 5.3 |
2020-03-12 | CVE-2020-10108 | HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. | 9.8 |
2020-02-21 | CVE-2020-9327 | NULL Pointer Dereference vulnerability in multiple products In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | 7.5 |
2020-01-16 | CVE-2020-7044 | Off-by-one Error vulnerability in multiple products In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. | 7.5 |
2019-11-25 | CVE-2019-14822 | Missing Authorization vulnerability in multiple products A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. | 7.1 |