Oracle ZFS Storage Appliance Kit vulnerabilities

117 known vulnerabilities affecting oracle/zfs_storage_appliance_kit.

Total CVEs: 117
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 3
Severity breakdown: CRITICAL 18, HIGH 47, MEDIUM 47, LOW 5

Vulnerabilities

Page 1 of 6
CVE-2025-62290 | HIGH | CVSS 7.2 | v8.8 | 2025-10-21
CWE-284: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in t
nvd
CVE-2025-62476 | MEDIUM | CVSS 4.9 | v8.8 | 2025-10-21
CWE-400: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can resu
nvd
CVE-2025-62478 | MEDIUM | CVSS 4.9 | v8.8 | 2025-10-21
CWE-400: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in
nvd
CVE-2025-62475 | MEDIUM | CVSS 4.9 | v8.8 | 2025-10-21
CWE-400: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthoriz
nvd
CVE-2025-62289 | MEDIUM | CVSS 4.9 | v8.8 | 2025-10-21
CWE-267: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in u
nvd
CVE-2025-53046 | MEDIUM | CVSS 4.9 | v8.8 | 2025-10-21
CWE-400: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in una
nvd
CVE-2025-62477 | MEDIUM | CVSS 4.9 | v8.8 | 2025-10-21
CWE-400: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can resu
nvd
CVE-2025-62479 | LOW | CVSS 2.7 | v8.8 | 2025-10-21
CWE-267: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in un
nvd
CVE-2025-62480 | LOW | CVSS 2.7 | v8.8 | 2025-10-21
CWE-267: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in
nvd
CVE-2024-21155 | MEDIUM | CVSS 4.7 | v8.8 | 2024-07-16
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: User Interface). The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person ot
nvd
CVE-2024-21104 | MEDIUM | CVSS 6.5 | v8.8 | 2024-04-16
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks re
nvd
CVE-2023-21833 | MEDIUM | CVSS 4.3 | v8.8 | 2024-02-17
CWE-200: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in u
nvd
CVE-2024-20959 | MEDIUM | CVSS 4.4 | v8.8 | 2024-01-16
CWE-400: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful at
nvd
CVE-2024-20914 | LOW | CVSS 2.3 | v8.8 | 2024-01-16
CWE-200: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attac
nvd
CVE-2022-21513 | HIGH | CVSS 8.2 | v8.8 | 2022-07-19
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. While the vulnerabili
nvd
CVE-2022-21563 | LOW | CVSS 3.4 | v8.8 | 2022-07-19
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of
nvd
CVE-2022-29824 | MEDIUM | CVSS 6.5 | v8.8 | 2022-05-03
CWE-190: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is af
nvd
CVE-2022-24801 | HIGH | CVSS 8.1 | v8.8 | 2022-04-04
CWE-444: Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple
nvd
CVE-2022-22721 | CRITICAL | CVSS 9.1 | v8.8 | 2022-03-14
CWE-190: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
nvd
CVE-2022-22720 | CRITICAL | CVSS 9.8 | v8.8 | 2022-03-14
CWE-444: Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.
nvd