Vulnerabilities > Oracle > ZFS Storage Appliance KIT > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-30 | CVE-2020-26137 | Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.5 |
2020-08-13 | CVE-2020-17498 | Double Free vulnerability in multiple products In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. | 6.5 |
2020-06-25 | CVE-2019-20892 | Double Free vulnerability in multiple products net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. | 6.5 |
2020-06-24 | CVE-2020-15025 | Memory Leak vulnerability in multiple products ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | 4.9 |
2020-06-03 | CVE-2020-13596 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. | 6.1 |
2020-06-03 | CVE-2020-13254 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. | 5.9 |
2020-05-27 | CVE-2020-13632 | NULL Pointer Dereference vulnerability in multiple products ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | 5.5 |
2020-05-27 | CVE-2020-13631 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | 5.5 |
2020-04-02 | CVE-2020-1927 | Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | 6.1 |
2020-04-01 | CVE-2020-1934 | Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | 5.3 |