Element software

This hub aggregates every CVE we track for Element software, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Element software.

• CVE-2025-0167netrc and default credential leak3.4Feb 5, 2025
• CVE-2024-33602nscd: netgroup cache assumes NSS callback uses in-buffer strings7.4May 6, 2024
• CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably ...7.5Nov 9, 2022
• CVE-2022-35252When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses...3.7Sep 23, 2022
• CVE-2022-32205A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent...4.3Jul 7, 2022
• CVE-2022-32206curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "lin...6.5Jul 7, 2022
• CVE-2022-32207When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.I...9.8Jul 7, 2022
• CVE-2022-32208When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows i...5.9Jul 7, 2022
• CVE-2022-2068The c_rehash script allows command injection7.3Jun 21, 2022
• CVE-2022-1678An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.5.9May 25, 2022
• CVE-2022-21496Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 1...5.3Apr 19, 2022
• CVE-2022-21476Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0....7.5Apr 19, 2022
• CVE-2022-21443Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0....3.7Apr 19, 2022
• CVE-2021-4203A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker w...6.8Mar 25, 2022
• CVE-2021-3753A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt...4.7Feb 16, 2022