Total
291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22600 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2025-02-24 | 7.2 HIGH | 6.6 MEDIUM |
| A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 | |||||
| CVE-2023-27536 | 5 Debian, Fedoraproject, Haxx and 2 more | 14 Debian Linux, Fedora, Libcurl and 11 more | 2025-02-14 | N/A | 5.9 MEDIUM |
| An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. | |||||
| CVE-2023-0045 | 3 Debian, Linux, Netapp | 13 Debian Linux, Linux Kernel, Active Iq Unified Manager and 10 more | 2025-02-13 | N/A | 4.7 MEDIUM |
| The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 | |||||
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2025-01-27 | N/A | 7.8 HIGH |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | |||||
| CVE-2023-28321 | 5 Apple, Debian, Fedoraproject and 2 more | 14 Macos, Debian Linux, Fedora and 11 more | 2025-01-15 | N/A | 5.9 MEDIUM |
| An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | |||||
| CVE-2023-28320 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2025-01-15 | N/A | 5.9 MEDIUM |
| A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | |||||
| CVE-2023-28319 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2025-01-15 | N/A | 7.5 HIGH |
| A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | |||||
| CVE-2023-2953 | 4 Apple, Netapp, Openldap and 1 more | 16 Macos, Active Iq Unified Manager, Clustered Data Ontap and 13 more | 2025-01-10 | N/A | 7.5 HIGH |
| A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. | |||||
| CVE-2023-5363 | 3 Debian, Netapp, Openssl | 12 Debian Linux, H300s, H300s Firmware and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue. | |||||
| CVE-2023-4813 | 4 Fedoraproject, Gnu, Netapp and 1 more | 21 Fedora, Glibc, Active Iq Unified Manager and 18 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | |||||
| CVE-2023-4527 | 4 Fedoraproject, Gnu, Netapp and 1 more | 32 Fedora, Glibc, H300s and 29 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | |||||
| CVE-2023-4273 | 5 Debian, Fedoraproject, Linux and 2 more | 12 Debian Linux, Fedora, Linux Kernel and 9 more | 2024-11-21 | N/A | 6.0 MEDIUM |
| A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. | |||||
| CVE-2023-4236 | 4 Debian, Fedoraproject, Isc and 1 more | 13 Debian Linux, Fedora, Bind and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | |||||
| CVE-2023-4004 | 5 Debian, Fedoraproject, Linux and 2 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2023-40791 | 2 Linux, Netapp | 9 Linux Kernel, H300s, H300s Firmware and 6 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. | |||||
| CVE-2023-3390 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. | |||||
| CVE-2023-3212 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | |||||
| CVE-2023-38432 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read. | |||||
| CVE-2023-38431 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410s and 3 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. | |||||
| CVE-2023-38430 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410s and 3 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read. | |||||