Zfs Storage Appliance Kit Security Vulnerabilities and Issues — Zfs Storage Appliance Kit CVE List

Lucene search

OracleZfs Storage Appliance Kit

9 matches found

CVE•added 2019/09/06 6:15 p.m.•619 views

CVE-2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers ...

7.5CVSS6.7AI score0.00829EPSS

CVE•added 2019/07/26 1:15 p.m.•525 views

CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. Af...

7.5CVSS7.4AI score0.04369EPSS

CVE•added 2019/11/14 7:15 p.m.•524 views

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

6.5CVSS6.4AI score0.00394EPSS

CVE•added 2019/07/26 1:15 p.m.•507 views

CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization...

4.9CVSS5.9AI score0.00844EPSS

CVE•added 2019/11/25 12:15 p.m.•398 views

CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using...

7.1CVSS6.7AI score0.00096EPSS

CVE•added 2019/06/10 12:29 p.m.•237 views

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

6.1CVSS6.2AI score0.00701EPSS

CVE•added 2019/11/08 3:15 p.m.•231 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01864EPSS

CVE•added 2019/06/29 2:15 p.m.•130 views

CVE-2019-13038

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

6.1CVSS6.2AI score0.00125EPSS

CVE•added 2019/02/12 5:29 p.m.•59 views

CVE-2018-20781

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

7.8CVSS7.5AI score0.06715EPSS