Vulnerabilities > Oracle > ZFS Storage Appliance KIT > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-29824 | Integer Overflow or Wraparound vulnerability in multiple products In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. | 6.5 |
| 2022-02-21 | CVE-2021-4115 | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. | 5.5 |
| 2022-02-18 | CVE-2022-25313 | Uncontrolled Recursion vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | 6.5 |
| 2021-12-30 | CVE-2021-4183 | Out-of-bounds Read vulnerability in multiple products Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | 5.5 |
| 2021-10-27 | CVE-2021-25219 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. | 5.3 |
| 2021-07-09 | CVE-2021-3541 | XML Entity Expansion vulnerability in multiple products A flaw was found in libxml2. | 6.5 |
| 2021-06-10 | CVE-2019-17567 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | 5.3 |
| 2021-06-10 | CVE-2021-30641 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | 5.3 |
| 2021-05-20 | CVE-2021-3426 | Path Traversal vulnerability in multiple products There's a flaw in Python 3's pydoc. | 5.7 |
| 2021-04-23 | CVE-2021-22207 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | 6.5 |