Skip to main content

H410c Firmware

188 CVEs product

Monthly

CVE-2025-24928 HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Active Iq Unified Manager Manageability Software Development Kit Ontap +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56171 HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Libxml2 Hci Compute Node +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0665 HIGH POC PATCH This Week

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood.

Mozilla Denial Of Service Use After Free Bootstrap Os H410c Firmware +8
NVD VulDB
CVSS 3.1
7.0
EPSS
6.4%
CVE-2025-0167 LOW POC Monitor

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Element Software Ontap Ontap Select Deploy Administration Utility +13
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-40896 CRITICAL Act Now

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Libxml2 Hci Compute Node Solidfire Hci Management Node Solidfire Hci Storage Node +5
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-6119 HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL Active Iq Unified Manager Management Services For Element Software And Netapp Hci +17
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2024-36958 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Converged Systems Advisor Agent Solidfire Hci Management Node +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-33602 HIGH This Week

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Glibc Debian Linux H300s Firmware H500s Firmware +8
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-33601 HIGH This Week

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Glibc Debian Linux H300s Firmware H500s Firmware +8
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-33600 MEDIUM This Month

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Glibc Debian Linux Active Iq Unified Manager +10
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-33599 HIGH This Week

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Glibc Debian Linux H300s Firmware +6
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-5363 HIGH PATCH This Week

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Debian Linux H300s Firmware H410s Firmware +3
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2023-45862 MEDIUM PATCH This Month

An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel Active Iq Unified Manager H410c Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4236 HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Debian Linux H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-4527 MEDIUM POC This Month

A flaw was found in glibc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Glibc Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian +24
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-4813 MEDIUM PATCH This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Glibc Enterprise Linux +14
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2023-32252 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-3212 MEDIUM PATCH This Month

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora +7
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-2911 HIGH PATCH This Week

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Debian Linux Fedora +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-2829 HIGH This Week

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind Active Iq Unified Manager H500s Firmware H700s Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2828 HIGH PATCH This Week

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager +5
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2023-35788 HIGH POC PATCH This Week

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Privilege Escalation Linux Memory Corruption +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3111 HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-2953 HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap Enterprise Linux macOS +8
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-2898 MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-2124 HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0045 HIGH POC PATCH This Week

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Linux Kernel Debian Linux Active Iq Unified Manager H300s Firmware +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-2269 MEDIUM This Month

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Fedora Debian Linux +5
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2007 HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux H300s Firmware H500s Firmware +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31084 MEDIUM This Month

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Fedora Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-28464 HIGH PATCH This Week

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel H300s Firmware H410c Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1380 HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Broadcom Information Disclosure +9
NVD
CVSS 3.1
7.1
EPSS
16.6%
CVE-2023-1077 HIGH PATCH This Week

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition. Rated high severity (CVSS 7.0). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +10
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-0386 HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
7.8
EPSS
7.9%
CVE-2023-26545 MEDIUM PATCH This Month

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Debian Linux Linux Kernel H300s Firmware +4
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-47521 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-47520 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-47519 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-47518 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-45934 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Linux Linux Kernel Fedora +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-45919 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45888 MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2022-45887 MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-45886 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45885 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45884 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-40304 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libxml2 Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +13
NVD
CVSS 3.1
7.8
EPSS
6.8%
CVE-2022-40303 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Libxml2 Active Iq Unified Manager Clustered Data Ontap +14
NVD
CVSS 3.1
7.5
EPSS
22.8%
CVE-2022-43945 HIGH PATCH This Week

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel Active Iq Unified Manager H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-43680 HIGH POC This Week

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libexpat Debian Linux +10
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-3545 HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel H410c Firmware +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3202 HIGH PATCH This Week

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel H410c Firmware +4
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-2964 HIGH PATCH This Week

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Enterprise Linux H300s Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-39046 MEDIUM POC This Month

An issue was discovered in the GNU C Library (glibc) 2.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc H300s Firmware H500s Firmware H700s Firmware +3
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2022-2961 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +6
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-1199 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-2938 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2873 MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service Linux Kernel Fedora +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1973 HIGH This Week

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +6
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-36123 HIGH POC PATCH This Week

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel H300s Firmware H500s Firmware +3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-36879 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux A700S Firmware +21
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1671 HIGH PATCH This Week

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-31160 LIB MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware H500s Firmware H700s Firmware +6
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2022-2318 MEDIUM PATCH This Month

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2097 Cargo MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora Active Iq Unified Manager Clustered Data Ontap Antivirus Connector +7
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2022-34918 HIGH POC PATCH Act Now

An issue was discovered in the Linux kernel through 5.18.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +6
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-2274 Cargo CRITICAL POC PATCH THREAT Act Now

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE OpenSSL Buffer Overflow Snapcenter +5
NVD GitHub
CVSS 3.1
9.8
EPSS
44.9%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%
CVE-2022-1998 HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32250 HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +7
NVD GitHub
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-1786 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1652 HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux Use After Free Denial Of Service +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1882 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1678 HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager Cloud Volumes Ontap Mediator +14
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-1183 HIGH This Week

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H410c Firmware H300s Firmware H500s Firmware +2
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2022-1734 HIGH POC PATCH This Week

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware. Rated high severity (CVSS 7.0). Public exploit code available.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-29581 HIGH POC PATCH This Week

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Debian Linux Ubuntu Linux +8
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1587 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Enterprise Linux Fedora +9
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-1586 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Fedora Enterprise Linux +10
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-1679 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-30594 HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Debian Linux Solidfire Enterprise Sds Hci Storage Node +10
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29155 CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux H300s Firmware H500s Firmware +4
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2022-29824 MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 Libxslt Fedora +16
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2022-29968 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.17.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora H300s Firmware +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-1353 HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Enterprise Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-1048 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-29156 HIGH PATCH This Week

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel H300E Firmware H300s Firmware +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28893 HIGH PATCH This Week

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +12
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28796 HIGH PATCH This Week

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure Linux Kernel Enterprise Linux +13
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-28389 MEDIUM PATCH This Month

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Active Iq Unified Manager +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +13
NVD
EPSS 6% CVSS 7.0
HIGH POC PATCH This Week

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood.

Mozilla Denial Of Service Use After Free +10
NVD VulDB
EPSS 0% CVSS 3.4
LOW POC Monitor

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Element Software +15
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Libxml2 Hci Compute Node +7
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL +19
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +9
NVD
EPSS 1% CVSS 7.4
HIGH This Week

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Glibc Debian Linux +10
NVD
EPSS 0% CVSS 7.3
HIGH This Week

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Glibc Debian Linux +10
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Glibc +12
NVD
EPSS 1% CVSS 8.1
HIGH This Week

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Glibc +8
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Debian Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora +6
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A flaw was found in glibc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Glibc +26
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +16
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +6
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +9
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind Active Iq Unified Manager +5
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bind Debian Linux +7
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Privilege Escalation +10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +8
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap +10
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +7
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux +7
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Linux Kernel Debian Linux +6
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel +5
NVD
EPSS 17% CVSS 7.1
HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition. Rated high severity (CVSS 7.0). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux +12
NVD
EPSS 8% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux +7
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Debian Linux +6
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Linux +8
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Linux Use After Free +7
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 7% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libxml2 Active Iq Unified Manager +15
NVD
EPSS 23% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Libxml2 +16
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel +6
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free +12
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service +6
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +6
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in the GNU C Library (glibc) 2.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc H300s Firmware +5
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +9
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service +9
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +23
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service +6
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware +8
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +8
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora +9
NVD
EPSS 5% CVSS 7.8
HIGH POC PATCH Act Now

An issue was discovered in the Linux kernel through 5.18.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow +8
NVD
EPSS 45% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE OpenSSL +7
NVD GitHub
EPSS 96% CVSS 7.3
HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux +26
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free +9
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free +9
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +10
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +16
NVD GitHub
EPSS 6% CVSS 7.5
HIGH This Week

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H410c Firmware +4
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware. Rated high severity (CVSS 7.0). Public exploit code available.

Denial Of Service Memory Corruption Use After Free +11
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel +10
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +11
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +12
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +11
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel +12
NVD GitHub
EPSS 70% CVSS 9.8
CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux +6
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 +18
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.17.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +7
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +8
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure +15
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy