Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle zfs storage appliance kit 8.8 vulnerabilities and exploits
(subscribe to this query)
670
VMScore
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) prior to 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
383
VMScore
CVE-2022-25313
In Expat (aka libexpat) prior to 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
1 Github repository
446
VMScore
CVE-2022-25314
In Expat (aka libexpat) prior to 2.4.5, there is an integer overflow in copyString.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
668
VMScore
CVE-2022-25315
In Expat (aka libexpat) prior to 2.4.5, there is an integer overflow in storeRawNames.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
188
VMScore
CVE-2021-20227
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threa...
Sqlite Sqlite
Oracle Outside In Technology 8.5.5
Oracle Communications Network Charging And Control 6.0.1
Oracle Zfs Storage Appliance Kit 8.8
Oracle Jd Edwards Enterpriseone Tools
Oracle Mysql Workbench
Oracle Communications Network Charging And Control
Oracle Enterprise Manager For Oracle Database 13.4.0.0
187
VMScore
CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and ...
Polkit Project Polkit 0.117
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
Debian Debian Linux 11.0
Oracle Zfs Storage Appliance Kit 8.8
571
VMScore
CVE-2020-26137
urllib3 prior to 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Python Urllib3
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.2.0
2 Github repositories
447
VMScore
CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and previous versions.
Apache Http Server
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Apple Macos
Apple Mac Os X 10.15.7
446
VMScore
CVE-2020-13950
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Apache Http Server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
446
VMScore
CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
Apache Http Server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »