Oracle Zfs_storage_appliance_kit
117 CVEs affecting Oracle Zfs_storage_appliance_kit. Latest disclosed: 2025-10-21. Critical: 17, High: 47.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-23943 | Critical | 9.8 | 2022-03-14 | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue… |
| CVE-2022-22720 | Critical | 9.8 | 2022-03-14 | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Re… |
| CVE-2022-25315 | Critical | 9.8 | 2022-02-18 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
| CVE-2022-25236 | Critical | 9.8 | 2022-02-16 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
| CVE-2022-25235 | Critical | 9.8 | 2022-02-16 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain con… |
| CVE-2021-44790 | Critical | 9.8 | 2021-12-20 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is… |
| CVE-2021-39275 | Critical | 9.8 | 2021-09-16 | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party… |
| CVE-2021-3711 | Critical | 9.8 | 2021-08-24 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function… |
| CVE-2021-26691 | Critical | 9.8 | 2021-06-10 | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow |
| CVE-2021-3520 | Critical | 9.8 | 2021-06-02 | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling… |
| CVE-2021-29921 | Critical | 9.8 | 2021-05-06 | In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attack… |
| CVE-2021-3177 | Critical | 9.8 | 2021-01-19 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications tha… |
| CVE-2020-11984 | Critical | 9.8 | 2020-08-07 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE |
| CVE-2020-11656 | Critical | 9.8 | 2020-04-09 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statemen… |
| CVE-2020-10108 | Critical | 9.8 | 2020-03-12 | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header… |
| CVE-2022-22721 | Critical | 9.1 | 2022-03-14 | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out o… |
| CVE-2021-40438 | Critical | 9.0 | 2021-09-16 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4… |
| CVE-2021-3517 | High | 8.6 | 2021-05-19 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed… |
| CVE-2022-21513 | High | 8.2 | 2022-07-19 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploi… |
| CVE-2021-43818 | High | 8.2 | 2021-12-13 | lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content… |