Skip to main content

H700s Firmware

226 CVEs product

Monthly

CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-2318 MEDIUM PATCH This Month

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2097 Cargo MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora Active Iq Unified Manager Clustered Data Ontap Antivirus Connector +7
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2022-34918 HIGH POC PATCH Act Now

An issue was discovered in the Linux kernel through 5.18.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +6
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-2274 Cargo CRITICAL POC PATCH THREAT Act Now

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE OpenSSL Buffer Overflow Snapcenter +5
NVD GitHub
CVSS 3.1
9.8
EPSS
44.9%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%
CVE-2022-1998 HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32250 HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +7
NVD GitHub
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-30115 MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-27780 HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27779 MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +7
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2022-27778 HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap Oncommand Insight +10
NVD
CVSS 3.1
8.1
EPSS
3.5%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-27775 HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Hci Bootstrap Os Clustered Data Ontap +9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-1786 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1652 HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux Use After Free Denial Of Service +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1882 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1678 HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager Cloud Volumes Ontap Mediator +14
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-1183 HIGH This Week

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H410c Firmware H300s Firmware H500s Firmware +2
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2022-1734 HIGH POC PATCH This Week

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware. Rated high severity (CVSS 7.0). Public exploit code available.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-29581 HIGH POC PATCH This Week

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Debian Linux Ubuntu Linux +8
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1116 HIGH POC PATCH This Week

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow Linux Kernel H300s Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1587 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Enterprise Linux Fedora +9
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-1586 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Fedora Enterprise Linux +10
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-1679 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-30594 HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Debian Linux Solidfire Enterprise Sds Hci Storage Node +10
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29155 CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux H300s Firmware H500s Firmware +4
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2022-1473 Cargo HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-1434 Cargo MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-1343 Cargo MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-29824 MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 Libxslt Fedora +16
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2022-29968 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.17.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora H300s Firmware +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-1353 HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Enterprise Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-1048 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-29156 HIGH PATCH This Week

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel H300E Firmware H300s Firmware +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28893 HIGH PATCH This Week

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +12
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28796 HIGH PATCH This Week

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure Linux Kernel Enterprise Linux +13
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-28389 MEDIUM PATCH This Month

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28388 MEDIUM PATCH This Month

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0998 HIGH PATCH This Week

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Linux Linux Kernel H300s Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1055 HIGH POC PATCH This Week

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. Rated high severity (CVSS 8.6). Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +11
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2022-0995 HIGH POC PATCH Act Now

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Linux Buffer Overflow Linux Kernel +12
NVD
CVSS 3.1
7.8
EPSS
6.2%
CVE-2022-0500 HIGH PATCH This Week

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Fedora H300E Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0435 HIGH POC PATCH THREAT This Week

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Codeready Linux Builder +28
NVD
CVSS 3.1
8.8
EPSS
68.0%
CVE-2022-0330 HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +35
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-0635 HIGH This Week

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H300s Firmware H500s Firmware H700s Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0396 MEDIUM PATCH This Month

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Fedora H300s Firmware H500s Firmware +7
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2022-27666 HIGH PATCH This Week

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Memory Corruption Buffer Overflow Linux Kernel Fedora +11
NVD GitHub
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-0667 HIGH This Week

When the vulnerability is triggered the BIND process will exit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind H300s Firmware H500s Firmware H700s Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1011 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Authentication Bypass Linux Use After Free +30
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-0742 HIGH PATCH This Week

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel A400 Firmware Aff 8300 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2022-27223 HIGH PATCH This Week

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager H500s Firmware +7
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-26966 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.16.12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager H500s Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0516 HIGH PATCH This Week

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26490 HIGH PATCH This Week

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Linux Buffer Overflow Linux Kernel Fedora H300s Firmware +8
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-23308 HIGH PATCH This Week

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Libxml2 Fedora +33
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2022-0646 HIGH PATCH This Week

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel H410c Firmware H300s Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-4090 HIGH PATCH This Week

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel H300s Firmware +7
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-45485 HIGH PATCH This Week

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel E Series Santricity Os Controller Solidfire Enterprise Sds Hci Storage Node +23
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-45469 HIGH POC This Week

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Information Disclosure Linux Kernel Fedora +9
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-44733 HIGH POC This Week

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Information Disclosure Race Condition Linux Kernel Enterprise Linux +10
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2021-45100 HIGH PATCH This Week

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Microsoft Information Disclosure Ksmbd H410c Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-4044 Cargo HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup E Series Performance Analyzer Ontap Select Deploy Administration Utility +12
NVD
CVSS 3.1
7.5
EPSS
50.1%
CVE-2021-43976 MEDIUM PATCH This Month

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel Fedora Debian Linux +12
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2021-43975 MEDIUM POC This Month

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +9
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-42377 CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-42376 MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42375 MEDIUM This Month

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Busybox Fedora Cloud Backup Hci Management Node +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42374 MEDIUM POC This Month

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Busybox Fedora +10
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-42373 MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-43618 HIGH POC PATCH This Week

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Gmp Debian Linux Active Iq Unified Manager +5
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-43267 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Fedora H300s Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
57.6%
CVE-2021-43057 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.14.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Buffer Overflow Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25219 MEDIUM PATCH This Month

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux Fedora H300s Firmware +11
NVD
CVSS 3.1
5.3
EPSS
8.0%
CVE-2021-41184 LIB MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +23
NVD GitHub
CVSS 3.1
6.1
EPSS
44.5%
CVE-2021-41183 LIB MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +24
NVD GitHub
CVSS 3.1
6.1
EPSS
7.9%
CVE-2021-41182 LIB MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H500s Firmware H700s Firmware +25
NVD GitHub
CVSS 3.1
6.1
EPSS
42.2%
CVE-2021-42327 MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd Memory Corruption Linux Kernel +9
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-42252 HIGH PATCH This Week

An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel H300s Firmware H500s Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42008 HIGH POC PATCH This Week

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel H300s Firmware +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-41864 HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +13
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22947 MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora Debian Linux Cloud Backup +22
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-22945 CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Cloud Backup Clustered Data Ontap +13
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-38300 HIGH POC PATCH This Week

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux RCE Linux Kernel Cloud Backup H410c Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-41073 HIGH PATCH This Week

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-40490 HIGH PATCH This Week

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition Linux Kernel Fedora +14
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
EPSS 27% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +8
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora +9
NVD
EPSS 5% CVSS 7.8
HIGH POC PATCH Act Now

An issue was discovered in the Linux kernel through 5.18.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow +8
NVD
EPSS 45% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE OpenSSL +7
NVD GitHub
EPSS 96% CVSS 7.3
HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux +26
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free +9
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free +9
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os +8
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os +8
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os +9
NVD
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager +12
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +11
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +11
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +10
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +16
NVD GitHub
EPSS 6% CVSS 7.5
HIGH This Week

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H410c Firmware +4
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware. Rated high severity (CVSS 7.0). Public exploit code available.

Denial Of Service Memory Corruption Use After Free +11
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel +10
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow +5
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +11
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +12
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +11
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel +12
NVD GitHub
EPSS 70% CVSS 9.8
CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 83% CVSS 7.3
HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway +33
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 +18
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.17.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +7
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +8
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure +15
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Linux +9
NVD
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. Rated high severity (CVSS 8.6). Public exploit code available.

Privilege Escalation Memory Corruption Use After Free +13
NVD
EPSS 6% CVSS 7.8
HIGH POC PATCH Act Now

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Linux +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +9
NVD
EPSS 68% CVSS 8.8
HIGH POC PATCH THREAT This Week

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow +30
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +37
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H300s Firmware +7
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Fedora +9
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Memory Corruption Buffer Overflow +13
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

When the vulnerability is triggered the BIND process will exit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind H300s Firmware +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Authentication Bypass +32
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +13
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Linux Information Disclosure Linux Kernel +9
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.16.12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +22
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Linux Buffer Overflow Linux Kernel +10
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +35
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +8
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +9
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +25
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Information Disclosure +11
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Information Disclosure Race Condition +12
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Microsoft Information Disclosure +9
NVD GitHub
EPSS 50% CVSS 7.5
HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup +14
NVD
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel +14
NVD
EPSS 1% CVSS 6.7
MEDIUM POC This Month

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Busybox Fedora +10
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +12
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Gmp +7
NVD
EPSS 58% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +8
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.14.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Buffer Overflow +10
NVD
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux +13
NVD
EPSS 45% CVSS 6.1
MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora +25
NVD GitHub
EPSS 8% CVSS 6.1
MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +26
NVD GitHub
EPSS 42% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +27
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +9
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow +15
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora +24
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +27
NVD
EPSS 6% CVSS 9.1
CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux RCE Linux Kernel +10
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +12
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition +16
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl +18
NVD VulDB
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy