Filtered by vendor Oracle Subscriptions
Filtered by product Zfs Storage Appliance Kit Subscriptions
Total 108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-25866 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more 2024-11-21 7.5 High
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
CVE-2020-24584 4 Canonical, Djangoproject, Fedoraproject and 1 more 4 Ubuntu Linux, Django, Fedora and 1 more 2024-11-21 7.5 High
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
CVE-2020-24583 4 Canonical, Djangoproject, Fedoraproject and 1 more 4 Ubuntu Linux, Django, Fedora and 1 more 2024-11-21 7.5 High
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
CVE-2020-1934 7 Apache, Canonical, Debian and 4 more 13 Http Server, Ubuntu Linux, Debian Linux and 10 more 2024-11-21 5.3 Medium
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-1927 9 Apache, Broadcom, Canonical and 6 more 17 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 14 more 2024-11-21 6.1 Medium
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-17498 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more 2024-11-21 6.5 Medium
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
CVE-2020-15025 4 Netapp, Ntp, Opensuse and 1 more 27 8300, 8300 Firmware, 8700 and 24 more 2024-11-21 4.4 Medium
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
CVE-2020-13950 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-11-21 7.5 High
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
CVE-2020-13871 6 Debian, Fedoraproject, Netapp and 3 more 12 Debian Linux, Fedora, Cloud Backup and 9 more 2024-11-21 7.5 High
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-13632 9 Brocade, Canonical, Debian and 6 more 14 Fabric Operating System, Ubuntu Linux, Debian Linux and 11 more 2024-11-21 5.5 Medium
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2020-13631 9 Apple, Brocade, Canonical and 6 more 20 Icloud, Ipados, Iphone Os and 17 more 2024-11-21 5.5 Medium
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13630 10 Apple, Brocade, Canonical and 7 more 21 Icloud, Ipados, Iphone Os and 18 more 2024-11-21 7.0 High
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2020-13596 6 Canonical, Debian, Djangoproject and 3 more 7 Ubuntu Linux, Debian Linux, Django and 4 more 2024-11-21 6.1 Medium
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2020-13254 7 Canonical, Debian, Djangoproject and 4 more 8 Ubuntu Linux, Debian Linux, Django and 5 more 2024-11-21 5.9 Medium
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
CVE-2020-12243 9 Apple, Broadcom, Canonical and 6 more 28 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 25 more 2024-11-21 7.5 High
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVE-2020-11984 8 Apache, Canonical, Debian and 5 more 16 Http Server, Ubuntu Linux, Debian Linux and 13 more 2024-11-21 9.8 Critical
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-11-21 9.8 Critical
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-11-21 7.5 High
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2019-20907 8 Canonical, Debian, Fedoraproject and 5 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 7.5 High
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
CVE-2019-20892 3 Net-snmp, Oracle, Redhat 3 Net-snmp, Zfs Storage Appliance Kit, Enterprise Linux 2024-11-21 6.5 Medium
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.