Filtered by vendor Oracle Subscriptions
Filtered by product Zfs Storage Appliance Kit Subscriptions
Total 108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-21104 1 Oracle 2 Sun Zfs Storage Appliance Kit, Zfs Storage Appliance Kit 2024-12-06 6.5 Medium
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
CVE-2024-21155 1 Oracle 1 Zfs Storage Appliance Kit 2024-12-06 4.7 Medium
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: User Interface). The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).
CVE-2023-21833 1 Oracle 1 Zfs Storage Appliance Kit 2024-11-27 4.3 Medium
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2022-21716 5 Debian, Fedoraproject, Oracle and 2 more 6 Debian Linux, Fedora, Http Server and 3 more 2024-11-25 7.5 High
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
CVE-2022-24801 5 Debian, Fedoraproject, Oracle and 2 more 6 Debian Linux, Fedora, Zfs Storage Appliance Kit and 3 more 2024-11-25 8.1 High
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.
CVE-2019-12387 5 Canonical, Fedoraproject, Oracle and 2 more 8 Ubuntu Linux, Fedora, Solaris and 5 more 2024-11-25 6.1 Medium
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVE-2020-10108 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-25 9.8 Critical
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
CVE-2024-20959 1 Oracle 1 Zfs Storage Appliance Kit 2024-11-21 4.4 Medium
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2024-20914 1 Oracle 1 Zfs Storage Appliance Kit 2024-11-21 2.3 Low
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVE-2022-29824 6 Debian, Fedoraproject, Netapp and 3 more 26 Debian Linux, Fedora, Active Iq Unified Manager and 23 more 2024-11-21 6.5 Medium
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2022-25315 6 Debian, Fedoraproject, Libexpat Project and 3 more 12 Debian Linux, Fedora, Libexpat and 9 more 2024-11-21 9.8 Critical
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25314 6 Debian, Fedoraproject, Libexpat Project and 3 more 8 Debian Linux, Fedora, Libexpat and 5 more 2024-11-21 7.5 High
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-25313 6 Debian, Fedoraproject, Libexpat Project and 3 more 8 Debian Linux, Fedora, Libexpat and 5 more 2024-11-21 6.5 Medium
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25236 5 Debian, Libexpat Project, Oracle and 2 more 11 Debian Linux, Libexpat, Http Server and 8 more 2024-11-21 9.8 Critical
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-25235 6 Debian, Fedoraproject, Libexpat Project and 3 more 12 Debian Linux, Fedora, Libexpat and 9 more 2024-11-21 9.8 Critical
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-23943 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-11-21 9.8 Critical
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
CVE-2022-23308 7 Apple, Debian, Fedoraproject and 4 more 46 Ipados, Iphone Os, Mac Os X and 43 more 2024-11-21 7.5 High
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2022-22721 6 Apache, Apple, Debian and 3 more 11 Http Server, Mac Os X, Macos and 8 more 2024-11-21 9.1 Critical
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2022-22720 6 Apache, Apple, Debian and 3 more 16 Http Server, Mac Os X, Macos and 13 more 2024-11-21 9.8 Critical
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
CVE-2022-22719 6 Apache, Apple, Debian and 3 more 9 Http Server, Mac Os X, Macos and 6 more 2024-11-21 7.5 High
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.