Oracle: >> Zfs Storage Appliance Kit >> 8.8 Security Vulnerabilities
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-05-27
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVSS Score
7.5
EPSS Score
0.05
Published
2020-04-28
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVSS Score
7.5
EPSS Score
0.028
Published
2020-04-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVSS Score
9.8
EPSS Score
0.094
Published
2020-04-09
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVSS Score
6.1
EPSS Score
0.123
Published
2020-04-02
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVSS Score
5.3
EPSS Score
0.368
Published
2020-04-01
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
CVSS Score
9.8
EPSS Score
0.055
Published
2020-03-12
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-02-21
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-01-16
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
CVSS Score
7.1
EPSS Score
0.001
Published
2019-11-25