High
CVE-2025-62627
An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting i…
Tag: Ionic Framework
All CVEs associated with "Ionic Framework". Page 1/1 • 18 CVEs.
About “Ionic Framework”
A curated feed of “Ionic Framework”-related CVEs appears below. We currently track 18 CVEs for this tag (all time). In the last 365 days, 7 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 33% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-476 - NULL Pointer Dereference, CWE-822 - Untrusted Pointer Dereference, CWE-122 - Heap-based Buffer Overflow.
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: ionic
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Premier Support | Extended Support | EOL | LTS |
|---|---|---|---|---|---|---|
| 8 | 8.8.8 | Unavailable | Unavailable | - | ||
| 7 | 7.8.6 | Expired | ||||
| 6 | 6.7.5 | Expired | ||||
| 5 | 5.9.4 | Expired | ||||
| 4 | 4.11.13 | Expired | ||||
| 3 | 3.9.3 | Expired | ||||
| 2 | 2.3.0 | Expired | ||||
| 1 | 1.3.2 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS (expired) · ICS
Subscribe CVEs: RSS for “Ionic Framework” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-05-13
High
CVE-2025-62624
A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
High
CVE-2025-62623
A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
2026-05-06
Medium
CVE-2026-43282
In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port The function ionic_query_port() calls ib_device_get_netdev…
2026-03-25
Medium
CVE-2026-23384
In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTI…
2025-12-24
Unknown
CVE-2023-53994
In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARN_ON to prevent panic_on_warn Remove unnecessary early code development check and the WARN_ON that it uses. The…
2025-10-01
Medium
CVE-2023-53470
In the Linux kernel, the following vulnerability has been resolved: ionic: catch failure from devlink_alloc Add a check for NULL on the alloc return. If devlink_alloc() fails and we try to use dev…
2024-12-29
Medium
CVE-2024-56715
In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this…
Medium
CVE-2024-56714
In the Linux kernel, the following vulnerability has been resolved: ionic: no double destroy workqueue There are some FW error handling paths that can cause us to try to destroy the workqueue more…
2024-07-29
Medium
CVE-2024-42083
In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xdp() doesn't handle multi-buffer packets properly…
Medium
CVE-2024-42071
In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call na…
2024-07-12
Medium
CVE-2024-40907
In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDP_TX action In the XDP_TX path, ionic driver sends a packet to the TX path with rx page and correspo…
High
CVE-2024-39502
In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netif_napi_del() When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queu…
2021-11-19
Medium
CVE-2021-44033
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.
2021-09-10
Medium
CVE-2021-3145
In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication.
2019-01-09
High
CVE-2018-16202
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbit…
2018-03-13
Critical
CVE-2018-1000123
Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that…
2014-10-19
Medium
CVE-2014-7475
The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv…