Product:

Zfs_storage_appliance_kit

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 64
Date Id Summary Products Score Patch Annotated
2022-03-14 CVE-2022-23943 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Http_server, Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit 9.8
2022-02-09 CVE-2022-0391 A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. Fedora, Active_iq_unified_manager, Hci, Hci_compute_node, Management_services_for_element_software, Ontap_select_deploy_administration_utility, Solidfire\,_enterprise_sds_\&_hci_storage_node, Http_server, Zfs_storage_appliance_kit, Python 7.5
2021-12-13 CVE-2021-43818 lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. Debian_linux, Fedora, Lxml, Hci_storage_node_firmware, Solidfire, Solidfire_enterprise_sds, Http_server, Zfs_storage_appliance_kit 7.1
2021-09-16 CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Tenable\.sc 7.5
2022-02-16 CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit 9.8
2022-02-16 CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Debian_linux, Libexpat, Http_server, Zfs_storage_appliance_kit 9.8
2022-02-18 CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit 6.5
2022-02-18 CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit 7.5
2022-02-18 CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit 9.8
2019-06-29 CVE-2019-13038 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. Ubuntu_linux, Fedora, Mod_auth_mellon, Zfs_storage_appliance_kit 6.1