Skip to main content

H500s Firmware

225 CVEs product

Monthly

CVE-2025-24928 HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Active Iq Unified Manager Manageability Software Development Kit Ontap +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56171 HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Libxml2 Hci Compute Node +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0665 HIGH POC PATCH This Week

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood.

Mozilla Denial Of Service Use After Free Bootstrap Os H410c Firmware +8
NVD VulDB
CVSS 3.1
7.0
EPSS
6.4%
CVE-2025-0167 LOW POC Monitor

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Element Software Ontap Ontap Select Deploy Administration Utility +13
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-40896 CRITICAL Act Now

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Libxml2 Hci Compute Node Solidfire Hci Management Node Solidfire Hci Storage Node +5
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-6119 HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL Active Iq Unified Manager Management Services For Element Software And Netapp Hci +17
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2024-36958 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Converged Systems Advisor Agent Solidfire Hci Management Node +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-33602 HIGH This Week

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Glibc Debian Linux H300s Firmware H500s Firmware +8
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-33601 HIGH This Week

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Glibc Debian Linux H300s Firmware H500s Firmware +8
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-33600 MEDIUM This Month

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Glibc Debian Linux Active Iq Unified Manager +10
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-33599 HIGH This Week

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Glibc Debian Linux H300s Firmware +6
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-5363 HIGH PATCH This Week

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Debian Linux H300s Firmware H410s Firmware +3
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2023-40791 MEDIUM POC PATCH This Month

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. Rated medium severity (CVSS 6.3). Public exploit code available.

Information Disclosure Linux Linux Kernel H300s Firmware H500s Firmware +2
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-4236 HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Debian Linux H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-4527 MEDIUM POC This Month

A flaw was found in glibc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Glibc Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian +24
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-4813 MEDIUM PATCH This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Glibc Enterprise Linux +14
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2023-4273 MEDIUM POC PATCH This Month

A flaw was found in the exFAT driver of the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Linux Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2023-32252 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-3212 MEDIUM PATCH This Month

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora +7
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-2911 HIGH PATCH This Week

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Debian Linux Fedora +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-2829 HIGH This Week

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind Active Iq Unified Manager H500s Firmware H700s Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2828 HIGH PATCH This Week

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager +5
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2023-35788 HIGH POC PATCH This Week

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Privilege Escalation Linux Memory Corruption +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3111 HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-2953 HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap Enterprise Linux macOS +8
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-2898 MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-28322 LOW POC Monitor

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora macOS Clustered Data Ontap +5
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2023-28321 MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Fedora Clustered Data Ontap +6
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2023-28320 MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS Clustered Data Ontap Ontap Antivirus Connector +4
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2023-28319 HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Curl macOS +6
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-33250 MEDIUM This Month

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +4
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2124 HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0045 HIGH POC PATCH This Week

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Linux Kernel Debian Linux Active Iq Unified Manager H300s Firmware +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-2269 MEDIUM This Month

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Fedora Debian Linux +5
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2007 HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux H300s Firmware H500s Firmware +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28464 HIGH PATCH This Week

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel H300s Firmware H410c Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27538 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +7
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-27537 MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager Clustered Data Ontap Brocade Fabric Operating System Firmware +5
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-27536 MEDIUM POC This Month

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-27535 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-27534 HIGH POC This Week

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Curl Fedora Active Iq Unified Manager +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-27533 HIGH POC This Week

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Curl Fedora Active Iq Unified Manager Clustered Data Ontap +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-1380 HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Broadcom Information Disclosure +9
NVD
CVSS 3.1
7.1
EPSS
16.6%
CVE-2023-1077 HIGH PATCH This Week

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition. Rated high severity (CVSS 7.0). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +10
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-0386 HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
7.8
EPSS
7.9%
CVE-2023-26545 MEDIUM PATCH This Month

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Debian Linux Linux Kernel H300s Firmware +4
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-23916 MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Debian Linux H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-23915 MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-23914 CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-47521 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-47520 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-47519 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-47518 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-35260 MEDIUM POC This Month

curl can be told to parse a `.netrc` file for credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Curl Clustered Data Ontap H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-32221 CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-45934 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Linux Linux Kernel Fedora +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-45919 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45888 MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2022-45887 MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-45886 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45885 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45884 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-40304 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libxml2 Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +13
NVD
CVSS 3.1
7.8
EPSS
6.8%
CVE-2022-40303 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Libxml2 Active Iq Unified Manager Clustered Data Ontap +14
NVD
CVSS 3.1
7.5
EPSS
22.8%
CVE-2022-44793 MEDIUM POC THREAT This Month

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
53.5%
CVE-2022-44792 MEDIUM POC THREAT This Month

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
52.1%
CVE-2022-43945 HIGH PATCH This Week

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel Active Iq Unified Manager H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-42915 HIGH This Week

curl before 7.86.0 has a double free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Curl Fedora H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2022-43680 HIGH POC This Week

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libexpat Debian Linux +10
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-3649 HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +5
NVD VulDB
CVSS 3.1
7.0
EPSS
0.8%
CVE-2022-3564 HIGH PATCH This Week

A vulnerability classified as critical was found in Linux Kernel. Rated high severity (CVSS 7.1). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +4
NVD VulDB
CVSS 3.1
7.1
EPSS
1.3%
CVE-2022-3545 HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel H410c Firmware +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35252 LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap Element Software Hci Management Node +9
NVD
CVSS 3.1
3.7
EPSS
1.8%
CVE-2022-3202 HIGH PATCH This Week

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel H410c Firmware +4
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-2964 HIGH PATCH This Week

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Enterprise Linux H300s Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2526 CRITICAL PATCH Act Now

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Systemd Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39046 MEDIUM POC This Month

An issue was discovered in the GNU C Library (glibc) 2.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc H300s Firmware H500s Firmware H700s Firmware +3
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2022-2961 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +6
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-1199 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-2938 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2873 MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service Linux Kernel Fedora +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1973 HIGH This Week

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +6
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-37434 CRITICAL POC PATCH THREAT Act Now

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Zlib Fedora Debian Linux +14
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
16.0%
CVE-2022-36123 HIGH POC PATCH This Week

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel H300s Firmware H500s Firmware +3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-36879 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux A700S Firmware +21
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1671 HIGH PATCH This Week

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-31160 LIB MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware H500s Firmware H700s Firmware +6
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2022-32208 MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
5.9
EPSS
6.8%
CVE-2022-32207 CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Active Iq Unified Manager +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +13
NVD
EPSS 6% CVSS 7.0
HIGH POC PATCH This Week

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood.

Mozilla Denial Of Service Use After Free +10
NVD VulDB
EPSS 0% CVSS 3.4
LOW POC Monitor

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Element Software +15
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Libxml2 Hci Compute Node +7
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL +19
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +9
NVD
EPSS 1% CVSS 7.4
HIGH This Week

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Glibc Debian Linux +10
NVD
EPSS 0% CVSS 7.3
HIGH This Week

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Glibc Debian Linux +10
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Glibc +12
NVD
EPSS 1% CVSS 8.1
HIGH This Week

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Glibc +8
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Debian Linux +5
NVD
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. Rated medium severity (CVSS 6.3). Public exploit code available.

Information Disclosure Linux Linux Kernel +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora +6
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A flaw was found in glibc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Glibc +26
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +16
NVD
EPSS 1% CVSS 6.7
MEDIUM POC PATCH This Month

A flaw was found in the exFAT driver of the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Linux +8
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +6
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +9
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind Active Iq Unified Manager +5
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bind Debian Linux +7
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Privilege Escalation +10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +8
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap +10
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +7
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +7
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +8
NVD
EPSS 3% CVSS 5.9
MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS +6
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +8
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux +7
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Linux Kernel Debian Linux +6
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux +6
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +9
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager +7
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +8
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Curl +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Curl Fedora +7
NVD
EPSS 17% CVSS 7.1
HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition. Rated high severity (CVSS 7.0). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux +12
NVD
EPSS 8% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux +7
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Debian Linux +6
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager +6
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

curl can be told to parse a `.netrc` file for credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Curl +7
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +7
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Linux +8
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Linux Use After Free +7
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 7% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libxml2 Active Iq Unified Manager +15
NVD
EPSS 23% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Libxml2 +16
NVD
EPSS 53% CVSS 6.5
MEDIUM POC THREAT This Month

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp +5
NVD GitHub
EPSS 52% CVSS 6.5
MEDIUM POC THREAT This Month

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp +5
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel +6
NVD
EPSS 3% CVSS 8.1
HIGH This Week

curl before 7.86.0 has a double free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Curl Fedora +7
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free +12
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A vulnerability classified as critical was found in Linux Kernel. Rated high severity (CVSS 7.1). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +7
NVD VulDB
EPSS 2% CVSS 3.7
LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +11
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service +6
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +6
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +6
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in the GNU C Library (glibc) 2.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc H300s Firmware +5
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +9
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service +9
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 16% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Zlib +16
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +23
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service +6
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware +8
NVD GitHub
EPSS 7% CVSS 5.9
MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora +12
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +12
NVD
EPSS 32% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy