Management services for element software

This hub aggregates every CVE we track for Management services for element software, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Management services for element software.

• CVE-2023-36054lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs bec...6.5Aug 7, 2023
• CVE-2023-37920Certifi's removal of e-Tugra root certificate7.5Jul 25, 2023
• CVE-2023-24329An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.7.5Feb 17, 2023
• CVE-2022-23491Removal of TrustCor root certificate6.8Dec 7, 2022
• CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably ...7.5Nov 9, 2022
• CVE-2022-38023Netlogon RPC Elevation of Privilege Vulnerability8.1Nov 9, 2022
• CVE-2022-37967Windows Kerberos Elevation of Privilege Vulnerability7.2Nov 9, 2022
• CVE-2022-37966Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability8.1Nov 9, 2022
• CVE-2022-36033jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled6.1Aug 29, 2022
• CVE-2022-37434zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected...9.8Aug 5, 2022
• CVE-2022-24736A Malformed Lua script can crash Redis3.3Apr 27, 2022
• CVE-2022-24735Lua scripts can be manipulated to overcome ACL rules in Redis3.9Apr 27, 2022
• CVE-2018-25032zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.7.5Mar 25, 2022
• CVE-2021-3737A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infin...7.5Mar 4, 2022
• CVE-2022-0391A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method d...7.5Feb 9, 2022