Oracle Zfs Storage Appliance Kit vulnerabilities

CVE-2022-23943 [CRITICAL] CWE-190 CVE-2022-23943: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite h Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

CVE-2022-22719 [HIGH] CWE-665 CVE-2022-22719: A carefully crafted request body can cause a read to a random memory area which could cause the proc A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVE-2022-21716 [HIGH] CWE-120 CVE-2022-21716: Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A pat

CVE-2022-23308 [HIGH] CWE-416 CVE-2022-23308: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

CVE-2021-4115 [MEDIUM] CWE-400 CVE-2021-4115: There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to proc There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

CVE-2022-25315 [CRITICAL] CWE-190 CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25314 [HIGH] CWE-190 CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

CVE-2022-25313 [MEDIUM] CWE-674 CVE-2022-25313: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

CVE-2022-25235 [CRITICAL] CWE-116 CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2022-25236 [CRITICAL] CWE-668 CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator chara xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVE-2022-0391 [HIGH] CWE-74 CVE-2022-0391: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uni A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection atta

CVE-2021-4034 [HIGH] CWE-787 CVE-2021-4034: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec applicat A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variabl

CVE-2022-21375 [MEDIUM] CVE-2022-21375: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported ver Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized abili

CVE-2022-21271 [MEDIUM] CVE-2022-21271: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoc

CVE-2021-4182 [HIGH] CWE-835 CVE-2021-4182: Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVE-2021-4185 [HIGH] CWE-835 CVE-2021-4185: Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVE-2021-4184 [HIGH] CWE-835 CVE-2021-4184: Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial o Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVE-2021-4181 [HIGH] CWE-125 CVE-2021-4181: Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVE-2021-4183 [MEDIUM] CWE-125 CVE-2021-4183: Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file

CVE-2021-44790 [CRITICAL] CWE-787 CVE-2021-44790: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:pars A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.