📦 H410c Firmware

CVE-2024-54085 is a critical authentication bypass vulnerability in AMI's SPx BMC firmware that allows remote attackers to gain unauthorized access through the Redfish Host Interface without credentia...

libcurl incorrectly closes the same eventfd file descriptor twice during threaded name resolution cleanup, causing a use-after-free condition. This vulnerability affects applications using libcurl wit...

This vulnerability in libxml2 allows attackers to bypass custom SAX handler protections against external entity processing, enabling classic XML External Entity (XXE) attacks. Any application using af...

An out-of-bounds read vulnerability in PCRE2 library's JIT compiler allows reading memory beyond allocated buffers during recursive regular expression processing. This affects any software using PCRE2...

This CVE describes a SQL injection vulnerability in OpenLDAP's experimental back-sql backend. Attackers can execute arbitrary SQL commands via specially crafted LDAP search filters, potentially compro...

A memory leak vulnerability in the Linux kernel's ICMPv6 implementation allows remote attackers to cause denial-of-service by sending crafted ICMPv6 packets (types 130 or 131), leading to system memor...

This CVE describes a stack-based buffer overflow vulnerability in libxml2's xmlSnprintfElements function. Attackers can exploit this by providing malicious XML documents with DTD validation enabled, p...

A stack-based buffer overflow vulnerability in nscd (Name Service Cache Daemon) allows attackers to execute arbitrary code or crash the service when netgroup cache is exhausted. This affects systems r...

A memory allocation failure in nscd's netgroup cache can cause the daemon to terminate, resulting in denial of service for clients relying on name service caching. This affects systems running glibc 2...

CVE-2024-28757 is an XML Entity Expansion vulnerability in libexpat that allows attackers to cause denial of service through resource exhaustion when external parsers are created via XML_ExternalEntit...

CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. By crafting malicious GLIBC_TUNABLES environment va...

A denial-of-service vulnerability in BIND 9's DNS-over-TLS implementation causes the named service to crash when handling high volumes of DNS-over-TLS queries due to assertion failures from incorrect ...

This vulnerability in the Linux kernel's ksmbd SMB server allows attackers to cause a denial-of-service by sending specially crafted SMB2_LOGOFF commands. The flaw exists due to improper pointer valid...

A vulnerability in BIND 9 DNS servers configured with DNSSEC validation and aggressive cache usage allows remote attackers to cause denial of service by sending specially crafted NSEC records. This af...

This vulnerability allows attackers to perform out-of-bounds writes in the Linux kernel's flower classifier code via specially crafted GENEVE packets. It affects Linux systems running kernel versions ...

A use-after-free vulnerability in the Linux kernel's Btrfs filesystem allows local attackers to potentially crash the system or execute arbitrary code with kernel privileges. This affects Linux system...

This vulnerability in OpenLDAP causes a null pointer dereference in the ber_memalloc_x() function, which can lead to denial of service (DoS) by crashing the LDAP service. Any system running vulnerable...

A local privilege escalation vulnerability exists in the Linux kernel's XFS filesystem when restoring from a dirty log journal after failure. This allows a local attacker to trigger out-of-bounds memo...

This vulnerability is a use-after-free and double-free flaw in the Linux kernel's Bluetooth subsystem that can lead to privilege escalation. Attackers with local access can exploit memory corruption t...

CVE-2023-1077 is a type confusion vulnerability in the Linux kernel's real-time scheduler that can lead to memory corruption. This allows local attackers to potentially escalate privileges or cause de...

This CVE describes an out-of-bounds read vulnerability in the Broadcom brcmfmac WiFi driver in the Linux kernel. When processing association request data, the driver can read beyond allocated memory b...

This Linux kernel vulnerability allows local users to escalate privileges by exploiting a uid mapping bug in OverlayFS when copying capable files between mounts. Attackers can gain root access on affe...

CVE-2022-1998 is a use-after-free vulnerability in the Linux kernel's fanotify file system notification subsystem. A local attacker could trigger this flaw to crash the system or potentially escalate ...

This vulnerability in the Linux kernel's netfilter component allows a local user with namespace creation privileges to escalate to root via a use-after-free condition. It affects Linux kernel versions...

A use-after-free vulnerability in the Linux kernel's io_uring subsystem allows local attackers to crash the system or potentially escalate privileges. This affects Linux systems with specific io_uring...

CVE-2022-1652 is a use-after-free vulnerability in the Linux kernel's floppy disk driver that allows local attackers to execute arbitrary code or cause denial of service. This affects Linux systems wi...

CVE-2022-1882 is a use-after-free vulnerability in the Linux kernel's pipes functionality that allows a local user to crash the system or potentially escalate privileges. This affects Linux systems wi...

This vulnerability causes the BIND DNS server to crash with an assertion failure when configured with HTTP references in listen-on statements. It affects BIND servers using DNS over HTTPS (DoH) config...

A use-after-free vulnerability in the Linux kernel's NFC Marvell driver allows attackers to potentially execute arbitrary code or cause denial of service. This affects Linux systems with the nfcmrvl d...

A local privilege escalation vulnerability in the Linux kernel's net/sched subsystem allows attackers with local access to gain root privileges. This affects Linux kernel versions 4.14 through 5.17. T...

CVE-2022-1679 is a use-after-free vulnerability in the Linux kernel's Atheros wireless adapter driver (ath9k_htc). It allows a local attacker to crash the system or potentially escalate privileges by ...

A use-after-free vulnerability in the Linux kernel's sound subsystem allows local attackers to trigger race conditions in ALSA PCM ioctl operations. This can lead to system crashes or potential privil...

A local privilege escalation vulnerability in the Linux kernel's pfkey_register function allows unprivileged local users to access kernel memory. This can lead to system crashes or information disclos...

CVE-2022-29156 is a double-free vulnerability in the Linux kernel's RDMA Transport (RTRS) client driver that could allow local attackers to cause a kernel panic or potentially execute arbitrary code. ...

This vulnerability in the Linux kernel's SUNRPC subsystem allows a use-after-free condition when freeing transport structures before sockets are properly closed. Attackers could potentially exploit th...

CVE-2022-28796 is a use-after-free vulnerability in the Linux kernel's jbd2 journaling subsystem caused by a transaction_t race condition. This allows local attackers to potentially escalate privilege...

CVE-2022-1055 is a use-after-free vulnerability in the Linux kernel's tc_new_tfilter function that allows local attackers to escalate privileges. The exploit requires unprivileged user namespaces to b...

A memory access vulnerability in the Linux kernel's i915 GPU driver allows local attackers to execute malicious GPU code, potentially causing system crashes or privilege escalation. This affects Linux...

This vulnerability in the Linux kernel's BPF subsystem allows a local user to trigger an out-of-bounds memory write via the BPF_BTF_LOAD command. This can lead to system crashes or privilege escalatio...

CVE-2022-0995 is an out-of-bounds write vulnerability in the Linux kernel's watch_queue subsystem that allows a local attacker to overwrite kernel memory. This can lead to privilege escalation or deni...

This vulnerability in zlib allows memory corruption during compression (deflating) when processing input with many distant matches. It affects any software using vulnerable zlib versions for compressi...

This Linux kernel vulnerability allows a local unprivileged user to write to file handlers in the cgroups subsystem, potentially leading to system crashes or privilege escalation. It affects both cgro...

CVE-2022-0635 is a denial-of-service vulnerability in BIND 9.18.0 where specific DNS queries can trigger an assertion failure, causing the named process to terminate. This affects organizations runnin...

CVE-2022-27666 is a heap buffer overflow vulnerability in the Linux kernel's IPsec ESP transformation code. It allows local attackers with standard user privileges to overwrite kernel heap objects, po...

CVE-2022-0667 is a denial-of-service vulnerability in BIND 9.18.0 where specially crafted queries cause the BIND process to exit, disrupting DNS services. This affects organizations running BIND 9.18....

A use-after-free vulnerability in the Linux kernel's FUSE filesystem allows a local attacker to trigger write() operations that can lead to unauthorized data access and privilege escalation. This affe...