Oracle Zfs Storage Appliance vulnerabilities
12 known vulnerabilities affecting oracle/zfs_storage_appliance.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 4, LOW 2
Vulnerabilities
CVE-2021-2149 LOW CVSS 2.5 v8.8 2021-04-22
CVE-2021-2149 [LOW] CVE-2021-2149: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). T
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of t
nvd
CVE-2021-2147 LOW CVSS 1.8 v8.8 2021-04-22
CVE-2021-2147 [LOW] CVE-2021-2147: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installa
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful att
nvd
CVE-2021-22191 HIGH CVSS 8.8 v8.8 2021-03-15
CVE-2021-22191 [MEDIUM] CWE-74 CVE-2021-22191: Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execut
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.
nvd
CVE-2021-28041 HIGH CVSS 7.1 v8.8 2021-03-05
CVE-2021-28041 [HIGH] CWE-415 CVE-2021-28041: ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenario
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
nvd
CVE-2021-22173 HIGH CVSS 7.5 v8.8 2021-02-17
CVE-2021-22173 [LOW] CWE-401 CVE-2021-22173: Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet inj
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-22174 HIGH CVSS 7.5 v8.8 2021-02-17
CVE-2021-22174 [LOW] CWE-770 CVE-2021-22174: Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-23336 MEDIUM CVSS 5.9 v8.8 2021-02-15
CVE-2021-23336 [MEDIUM] CWE-444 CVE-2021-23336: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and be
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they
nvd
CVE-2021-1993 MEDIUM CVSS 4.8 v8.8 2021-01-20
CVE-2021-1993 [MEDIUM] CVE-2021-1993: Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other
nvd
CVE-2021-1999 MEDIUM CVSS 5.0 v8.8 2021-01-20
CVE-2021-1999 [MEDIUM] CVE-2021-1999: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subs
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successfu
nvd
CVE-2019-19553 HIGH CVSS 7.5 v8.8 2019-12-05
CVE-2019-19553 [HIGH] CWE-909 CVE-2019-19553: In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed i
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
nvd
CVE-2019-16168 MEDIUM CVSS 6.5 v8.8 2019-09-09
CVE-2019-16168 [MEDIUM] CWE-369 CVE-2019-16168: In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other applicati
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
nvd
CVE-2018-1165 HIGH CVSS 7.0 v8.8 2018-02-21
CVE-2018-1165 [HIGH] CWE-122 CVE-2018-1165: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joye
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue result
nvd