Hci bootstrap os
This hub aggregates every CVE we track for Hci bootstrap os, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
27
CVEs tracked
1
Critical
12
High
0
In CISA KEV
Severity distribution
HIGH12MEDIUM12LOW2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Hci bootstrap os.
- CVE-2024-33602nscd: netgroup cache assumes NSS callback uses in-buffer strings7.4
- CVE-2024-33601nscd: netgroup cache may terminate daemon on memory allocation failure7.3
- CVE-2024-33600nscd: Null pointer crashes after notfound response5.9
- CVE-2024-33599nscd: Stack-based buffer overflow in netgroup cache8.1
- CVE-2023-29153Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.4.9
- CVE-2023-28531ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.9.8
- CVE-2021-4209A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial ...6.5
- CVE-2022-36879An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.5.5
- CVE-2022-30115Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the h...4.3
- CVE-2022-27779libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuil...5.3
- CVE-2022-27781libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make ...7.5
- CVE-2022-27774An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects i...5.7
- CVE-2022-27775An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a co...7.5
- CVE-2022-27776A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.6.5
- CVE-2022-27780The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved...7.5
Product normalization is registry-driven with AI assist and human review. How it works