Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 23 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38802
FRRouting FRR 7.5.1 up to and including 9.0 and Pica8 PICOS 4.3.3.2 allow a remote malicious user to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
Frrouting Frrouting
Pica8 Picos 4.3.3.2
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue ce...
Openssl Openssl
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Nodejs Node.js 19.0.0
Nodejs Node.js 18.12.0
Nodejs Node.js
24 Github repositories
1 Article
7.5
CVSSv3
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue...
Openssl Openssl
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Netapp Clustered Data Ontap -
Fedoraproject Fedora 26
Fedoraproject Fedora 27
Nodejs Node.js 19.0.0
Nodejs Node.js 18.12.0
Nodejs Node.js
30 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-37434
zlib up to and including 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may...
Zlib Zlib
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Ontap Select Deploy Administration Utility -
Netapp Hci -
Netapp Active Iq Unified Manager -
Netapp Hci Compute Node -
Netapp Management Services For Element Software -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Apple Macos
Apple Iphone Os
Apple Watchos
Apple Ipados
Stormshield Stormshield Network Security
3 Github repositories
8.1
CVSSv3
CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing ...
Nodejs Node.js
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Siemens Sinec Ins 1.0
Siemens Sinec Ins
6.5
CVSSv3
CVE-2022-32213
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp
Nodejs Node.js
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Siemens Sinec Ins 1.0
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
6.5
CVSSv3
CVE-2022-32215
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Nodejs Node.js
Llhttp Llhttp
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Siemens Sinec Ins 1.0
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
5.3
CVSSv3
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of...
Openssl Openssl
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Active Iq Unified Manager -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis...
Openssl Openssl
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Netapp Santricity Smi-s Provider -
Netapp Element Software -
Netapp Ontap Select Deploy Administration Utility -
Netapp Smi-s Provider -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapmanager -
Netapp Ontap Antivirus Connector -
Netapp Bootstrap Os -
Netapp H615c Firmware -
Netapp H610s Firmware -
Netapp H610c Firmware -
Netapp H410c Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
1 Github repository
1 Article
9.8
CVSSv3
CVE-2022-31813
Apache HTTP Server 2.4.53 and previous versions may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache Http Server
Netapp Clustered Data Ontap -
Fedoraproject Fedora 35
Fedoraproject Fedora 36
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »