📦 ZFS Storage Appliance Kit
by Oracle
⚠️ Known Vulnerabilities
Apache HTTP Server versions 2.4.52 and earlier contain a vulnerability where the server fails to properly close inbound connections when encountering errors while discarding request bodies. This allow...
CVE-2022-23943 is a critical heap memory corruption vulnerability in Apache HTTP Server's mod_sed module that allows attackers to write data beyond allocated memory boundaries. This can lead to remote...
CVE-2022-25315 is an integer overflow vulnerability in Expat's storeRawNames function that can lead to heap buffer overflow. This allows attackers to potentially execute arbitrary code or cause denial...
CVE-2022-25235 is a critical vulnerability in Expat (libexpat) XML parser where improper UTF-8 character validation allows attackers to bypass security checks. This affects any application using vulne...
CVE-2021-39275 is a critical buffer overflow vulnerability in Apache HTTP Server's ap_escape_quotes() function that could allow remote code execution or denial of service. The vulnerability affects Ap...
CVE-2021-26691 is a critical heap overflow vulnerability in Apache HTTP Server that allows remote attackers to execute arbitrary code or cause denial of service. Attackers can exploit this by sending ...
CVE-2021-3520 is an integer overflow vulnerability in the LZ4 compression library that allows attackers to trigger out-of-bounds writes by submitting crafted files. This can lead to application crashe...
The Python ipaddress library incorrectly interprets IP addresses with leading zeros in octets, treating them as octal numbers instead of decimal. This allows attackers to bypass IP-based access contro...
This is a buffer overflow vulnerability in Python's ctypes module that could allow remote code execution. It affects Python applications that process untrusted floating-point numbers through ctypes. T...
A critical vulnerability in Oracle ZFS Storage Appliance Kit's Block Storage component allows authenticated high-privilege attackers with network access via HTTP to completely compromise the system. T...
This vulnerability allows a high-privileged attacker with local access to the Oracle ZFS Storage Appliance infrastructure to completely compromise the system, potentially affecting other connected pro...
This vulnerability in Twisted's HTTP 1.1 server allows HTTP request smuggling due to non-RFC-compliant parsing of HTTP requests. Attackers can exploit this to bypass security controls, poison caches, ...
CVE-2022-22719 is a memory corruption vulnerability in Apache HTTP Server where a specially crafted request body can cause the server to read from random memory locations, potentially leading to a den...
CVE-2022-21716 is a memory exhaustion vulnerability in Twisted's SSH client and server implementations. Attackers can send unlimited data during SSH version negotiation, causing the target system to c...
CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or cause denial of service. It affects applications that ...
CVE-2022-25314 is an integer overflow vulnerability in Expat's copyString function that can lead to heap buffer overflow. This allows attackers to potentially execute arbitrary code or cause denial of...
This vulnerability in Python's urllib.parse module allows injection attacks via crafted URLs containing carriage return (\r) or line feed (\n) characters in the path component. Attackers can exploit t...
CVE-2021-4034 (PwnKit) is a local privilege escalation vulnerability in polkit's pkexec utility that allows unprivileged local users to gain root privileges by exploiting improper argument handling. T...
A vulnerability in Wireshark's RFC 7468 dissector allows attackers to cause a denial of service crash via specially crafted network packets or capture files. This affects Wireshark users analyzing net...
This vulnerability in Wireshark's BitTorrent DHT dissector allows attackers to cause a denial of service (DoS) by triggering an infinite loop. Attackers can exploit this via packet injection on the ne...
CVE-2021-42717 is a denial-of-service vulnerability in ModSecurity's JSON parser where excessively nested JSON objects cause excessive CPU consumption and process blocking. This affects ModSecurity 2....
CVE-2021-36160 is an out-of-bounds read vulnerability in Apache HTTP Server's mod_proxy_uwsgi module. A specially crafted URI path can cause the server to read beyond allocated memory boundaries, lead...
This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination. Exploitation can lead to denial of service or me...
CVE-2021-33193 is an HTTP/2 request smuggling vulnerability in Apache HTTP Server's mod_proxy module. Attackers can send specially crafted HTTP/2 requests that bypass validation, potentially leading t...
CVE-2020-13950 is a NULL pointer dereference vulnerability in Apache HTTP Server's mod_proxy_http module that allows remote attackers to cause a denial of service by sending specially crafted HTTP req...
CVE-2021-26690 is a NULL pointer dereference vulnerability in Apache HTTP Server's mod_session module that can be triggered by a specially crafted Cookie header. This causes the server to crash, resul...
CVE-2021-3516 is a use-after-free vulnerability in libxml2's xmllint tool that allows attackers to execute arbitrary code or cause denial of service by submitting specially crafted XML files. This aff...
This vulnerability allows authenticated high-privilege attackers with network access via HTTP to cause denial of service (DoS) on Oracle ZFS Storage Appliance Kit by making the system hang or crash re...
This vulnerability allows high-privileged attackers with network access via HTTP to cause denial of service (DoS) on Oracle ZFS Storage Appliance Kit by making the system hang or crash repeatedly. Onl...
This vulnerability in Oracle ZFS Storage Appliance Kit allows high-privileged attackers with network access via HTTP to cause denial of service by hanging or crashing the system. Only version 8.8 of t...
This vulnerability in Oracle ZFS Storage Appliance Kit allows high-privileged attackers with network access via HTTP to cause a denial of service by hanging or crashing the system. Only version 8.8 is...
This vulnerability allows high-privileged attackers with network access via HTTP to cause a denial of service (DoS) on Oracle ZFS Storage Appliance Kit by making the system hang or crash repeatedly. O...
CVE-2020-1472 (Zerologon) is a critical authentication bypass vulnerability in Microsoft's Netlogon protocol that allows unauthenticated attackers to gain domain administrator privileges. It affects W...