Product
oracle zfs storage appliance kit
117 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-62480
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported ver
2.7
LOW
CVE-2025-62479
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported versio
2.7
LOW
CVE-2025-62478
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version
4.9
MEDIUM
CVE-2025-62477
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported v
4.9
MEDIUM
CVE-2025-62476
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported v
4.9
MEDIUM
CVE-2025-62475
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is
4.9
MEDIUM
CVE-2025-62290
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported versio
7.2
HIGH
CVE-2025-62289
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version
4.9
MEDIUM
CVE-2025-53046
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version th
4.9
MEDIUM
CVE-2024-21155
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: User Interface). The supported versi
4.7
MEDIUM
CVE-2024-21104
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is
6.5
MEDIUM
CVE-2023-21833
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version
4.3
MEDIUM
CVE-2024-20959
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is
4.4
MEDIUM
CVE-2024-20914
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is
2.3
LOW
CVE-2022-21563
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is a
3.4
LOW
CVE-2022-21513
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is a
8.2
HIGH
CVE-2022-29824
all versions
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer ove
6.5
MEDIUM
CVE-2022-24801
all versions
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web
8.1
HIGH
CVE-2022-23943
all versions
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attac
9.8
CRITICAL
CVE-2022-22721
all versions
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow hap
9.1
CRITICAL
CVE-2022-22720
all versions
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, e
9.8
CRITICAL
CVE-2022-22719
all versions
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec
7.5
HIGH
CVE-2022-21716
all versions
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and ser
7.5
HIGH
CVE-2022-23308
all versions
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5
HIGH
CVE-2021-4115
all versions
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion
5.5
MEDIUM
CVE-2022-25315
all versions
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
9.8
CRITICAL
CVE-2022-25314
all versions
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
7.5
HIGH
CVE-2022-25313
all versions
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD
6.5
MEDIUM
CVE-2022-25236
all versions
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
9.8
CRITICAL
CVE-2022-25235
all versions
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 charac
9.8
CRITICAL
CVE-2022-0391
all versions
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) st
7.5
HIGH
CVE-2021-4034
all versions
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed
7.8
HIGH
CVE-2022-21375
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.5
MEDIUM
CVE-2022-21271
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3
MEDIUM
CVE-2021-4185
all versions
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or craft
7.5
HIGH
CVE-2021-4184
all versions
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection
7.5
HIGH
CVE-2021-4183
all versions
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
5.5
MEDIUM
CVE-2021-4182
all versions
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted ca
7.5
HIGH
CVE-2021-4181
all versions
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafte
7.5
HIGH
CVE-2021-44790
all versions
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua script
9.8
CRITICAL
CVE-2021-43818
all versions
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets c
8.2
HIGH
CVE-2021-42717
all versions
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep
7.5
HIGH
CVE-2021-25219
all versions
In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview
5.3
MEDIUM
CVE-2021-41617
all versions
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because
7.0
HIGH
CVE-2021-40438
all versions
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue a
9.0
CRITICAL
CVE-2021-39275
all versions
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to the
9.8
CRITICAL
CVE-2021-36160
all versions
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affe
7.5
HIGH
CVE-2021-34798
all versions
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
7.5
HIGH
CVE-2021-3712
all versions
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat
7.4
HIGH
CVE-2021-3711
all versions
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an applic
9.8
CRITICAL
CVE-2021-36690
all versions
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when th
7.5
HIGH
CVE-2021-33193
all versions
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or
7.5
HIGH
CVE-2021-3541
all versions
A flaw was found in libxml2. Exponential entity expansion attack is possible bypassing all existing protection mechanisms and lea
6.5
MEDIUM
CVE-2021-33503
all versions
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component
7.5
HIGH
CVE-2021-31618
all versions
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as config
7.5
HIGH
CVE-2021-30641
all versions
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
5.3
MEDIUM
CVE-2021-26691
all versions
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overf
9.8
CRITICAL
CVE-2021-26690
all versions
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dere
7.5
HIGH
CVE-2020-35452
all versions
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There
7.3
HIGH
CVE-2020-13950
all versions
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted
7.5
HIGH
CVE-2019-17567
all versions
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin
5.3
MEDIUM
CVE-2021-22222
all versions
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture
7.5
HIGH
CVE-2021-3520
all versions
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer
9.8
CRITICAL
CVE-2021-3516
all versions
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by
7.8
HIGH
CVE-2021-3426
all versions
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent us
5.7
MEDIUM
CVE-2021-3517
all versions
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a
8.6
HIGH
CVE-2021-29921
all versions
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in s
9.8
CRITICAL
CVE-2021-22207
all versions
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via pack
5.5
MEDIUM
CVE-2021-3449
all versions
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9
MEDIUM
CVE-2021-20227
all versions
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL
5.5
MEDIUM
CVE-2021-28957
all versions
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and fo
6.1
MEDIUM
CVE-2021-23841
all versions
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and seria
5.9
MEDIUM
CVE-2021-23839
all versions
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and m
3.7
LOW
CVE-2021-3177
all versions
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in ce
9.8
CRITICAL
CVE-2020-26422
all versions
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture fil
3.7
LOW
CVE-2020-26421
all versions
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service v
4.2
MEDIUM
CVE-2020-26420
all versions
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or craf
3.1
LOW
CVE-2020-26419
all versions
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
3.1
LOW
CVE-2020-26418
all versions
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or cra
3.1
LOW
CVE-2020-29651
all versions
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by att
7.5
HIGH
CVE-2020-27783
all versions
An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caus
6.1
MEDIUM
CVE-2020-25866
all versions
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was s
7.5
HIGH
CVE-2020-26137
all versions
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and
6.5
MEDIUM
CVE-2020-26116
all versions
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if
7.2
HIGH
CVE-2020-24584
all versions
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The inter
7.5
HIGH
CVE-2020-24583
all versions
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLO
7.5
HIGH
CVE-2020-1472
all versions
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a d
5.5
MEDIUM
CVE-2020-17498
all versions
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avo
6.5
MEDIUM
CVE-2020-9490
all versions
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re
7.5
HIGH
CVE-2020-11993
all versions
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patter
7.5
HIGH
CVE-2020-11984
all versions
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
9.8
CRITICAL
CVE-2019-20907
all versions
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by t
7.5
HIGH
CVE-2019-20892
all versions
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOT
6.5
MEDIUM
CVE-2020-15025
all versions
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumptio
4.4
MEDIUM
CVE-2020-13871
all versions
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late
7.5
HIGH
CVE-2020-13596
all versions
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKe
6.1
MEDIUM
CVE-2020-13254
all versions
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key
5.9
MEDIUM
CVE-2020-13632
all versions
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
5.5
MEDIUM
CVE-2020-13631
all versions
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
5.5
MEDIUM
CVE-2020-13630
all versions
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
7.0
HIGH
CVE-2020-12243
all versions
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of servic
7.5
HIGH
CVE-2020-11656
all versions
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs
9.8
CRITICAL
CVE-2020-11655
all versions
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query bec
7.5
HIGH
CVE-2020-1927
all versions
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fo
6.1
MEDIUM
CVE-2020-1934
all versions
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3
MEDIUM
CVE-2020-10108
all versions
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers,
9.8
CRITICAL
CVE-2020-9327
all versions
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of
7.5
HIGH
CVE-2020-7044
all versions
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >=
7.5
HIGH
CVE-2019-14822
all versions
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the
7.1
HIGH
CVE-2019-11135
all versions
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enabl
6.5
MEDIUM
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-16056
all versions
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email modul
7.5
HIGH
CVE-2019-13565
all versions
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the S
7.5
HIGH
CVE-2019-13057
all versions
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) p
4.9
MEDIUM
CVE-2019-13038
all versions
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after ht
6.1
MEDIUM
CVE-2019-12387
all versions
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid ch
6.1
MEDIUM
CVE-2018-20781
all versions
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the Li
7.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin