cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0306,https://securityvulnerability.io/vulnerability/CVE-2025-0306,Ruby Interpreter Vulnerability Affecting Messaging Security,"A vulnerability exists within the Ruby interpreter that is susceptible to the Marvin Attack. This weakness enables attackers to decrypt previously secured messages and fabricate signatures. By exchanging an extensive number of messages with the affected Ruby service, an attacker can compromise the integrity and confidentiality of the communication, posing significant risks to sensitive data.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3",7.4,HIGH,0.000910000002477318,false,false,false,false,false,false,false,2025-01-09T04:05:42.194Z,0
CVE-2024-56827,https://securityvulnerability.io/vulnerability/CVE-2024-56827,Heap Buffer Overflow in OpenJPEG Project Affecting Multiple Applications,"A vulnerability exists in the OpenJPEG project, where a heap buffer overflow may occur when specific parameters are utilized within the opj_decompress utility. This flaw can lead to application crashes or unpredictable behavior, compromising software reliability and security. Users are encouraged to review their OpenJPEG implementations and apply necessary mitigations to safeguard against potential exploitation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,false,false,false,2025-01-09T03:40:30.512Z,0
CVE-2024-56826,https://securityvulnerability.io/vulnerability/CVE-2024-56826,Heap Buffer Overflow in OpenJPEG Affects Multiple Releases,"A heap buffer overflow vulnerability has been identified within the OpenJPEG project. This flaw arises when using specific options with the opj_decompress utility. Exploitation of this vulnerability may lead to application crashes or unexpected behavior, posing potential risks to data integrity and system stability. Users are advised to evaluate their use of affected OpenJPEG versions and implement necessary updates.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,false,false,false,2025-01-09T03:40:24.613Z,0
CVE-2024-9632,https://securityvulnerability.io/vulnerability/CVE-2024-9632,"X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation","A flaw exists in the X.org server that stems from an improper handling of allocation size in the _XkbSetCompatMap function. This vulnerability allows a local attacker to potentially exploit this issue by sending a specially crafted payload, which could result in a buffer overflow condition. If successfully exploited, this vulnerability may lead to denial of service or enable local privilege escalation in environments where the X.org server operates with elevated permissions, specifically with root access. It is crucial for administrators to review their configurations and apply necessary security updates to mitigate the risks associated with this vulnerability.",Red Hat,",Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-10-30T07:42:35.320Z,0
CVE-2024-8612,https://securityvulnerability.io/vulnerability/CVE-2024-8612,"QEMU Vendor Flaw Affectsvirtio-scsi, virtio-blk, and virtio-crypto Devices","A vulnerability exists within QEMU, particularly affecting the virtio-scsi, virtio-blk, and virtio-crypto devices. This arises from a flaw in the virtqueue_push process where the size parameter can exceed the actual data size sent to the guest. Consequently, when the dma_memory_unmap function is invoked, it may erroneously call the address_space_write function to write back potentially sensitive information. This process can inadvertently expose uninitialized data from the bounce buffer, leading to an information leak that poses a security risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",3.8,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-09-20T18:15:00.000Z,0
CVE-2024-8354,https://securityvulnerability.io/vulnerability/CVE-2024-8354,QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-19T10:45:06.191Z,0
CVE-2024-8445,https://securityvulnerability.io/vulnerability/CVE-2024-8445,Insufficient Fix for Server Crash Vulnerability in 389-ds-base,"An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the `userPassword` attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.",Red Hat,"Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-05T14:24:01.125Z,0
CVE-2024-8235,https://securityvulnerability.io/vulnerability/CVE-2024-8235,Crash of virtinterfaced Daemon Due to NULL Pointer Dereference,A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-08-30T17:15:00.000Z,0
CVE-2024-43168,https://securityvulnerability.io/vulnerability/CVE-2024-43168,Unbound: heap-buffer-overflow in unbound,"A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",4.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-7006,https://securityvulnerability.io/vulnerability/CVE-2024-7006,Libtiff: null pointer dereference in tif_dirinfo.c,"A null pointer dereference flaw has been identified in the Libtiff library, particularly in the `tif_dirinfo.c` component. This vulnerability could be exploited by an attacker to manipulate memory allocation processes, resulting in application crashes. The attack exploits conditions such as restricting heap space or injecting faults, which triggers segmentation faults. As a result, affected applications may experience unexpected terminations, leading to service disruptions. Organizations using Libtiff within their applications should implement appropriate mitigations to protect against this vulnerability.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9",7.5,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-43167,https://securityvulnerability.io/vulnerability/CVE-2024-43167,Segmentation Fault Vulnerability in Unbound's ub_ctx_set_fwd Function,"A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",2.8,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-7409,https://securityvulnerability.io/vulnerability/CVE-2024-7409,QEMU NBD Server Vulnerability: DoS Attack via Socket Closure,A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.,Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.15,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",,,0.0004600000102072954,false,false,false,false,,false,false,2024-08-05T13:19:27.498Z,0
CVE-2024-6655,https://securityvulnerability.io/vulnerability/CVE-2024-6655,Gtk3: gtk2: library injection from cwd,"A significant flaw has been identified within the GTK library, allowing an attacker to potentially inject a malicious library into a GTK application through manipulation of the current working directory. This vulnerability arises under specific conditions where the library path can be controlled, leading to possible exploitation of applications that utilize GTK for their graphical user interface. It poses risks to application integrity and could be exploited to execute arbitrary code in the context of the affected application. Mitigation and updates from vendors are essential to secure systems against this vulnerability.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9",7,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-07-16T15:15:00.000Z,0
CVE-2023-39329,https://securityvulnerability.io/vulnerability/CVE-2023-39329,Denial of Service Flaw in OpenJPEG Opj_t1_decode_cblks Function,"A flaw has been identified in the OpenJPEG imaging library that can lead to resource exhaustion. Specifically, the issue resides in the opj_t1_decode_cblks function within tcd.c. By processing a specially crafted image file, an attacker can exploit this vulnerability, potentially resulting in a denial of service condition.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-13T03:15:00.000Z,0
CVE-2023-39327,https://securityvulnerability.io/vulnerability/CVE-2023-39327,OpenJPEG Vulnerability Leads to Terminal Looping,"A vulnerability exists within the OpenJPEG library that can be exploited through specially crafted images. When such images are processed, the library may enter an infinite loop, resulting in excessive terminal output and potentially leading to resource exhaustion. This behavior can disrupt normal operations and diminish the availability of applications relying on the OpenJPEG library.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-13T03:15:00.000Z,0
CVE-2024-6237,https://securityvulnerability.io/vulnerability/CVE-2024-6237,389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request,"A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.",Red Hat,"Red Hat Directory Server 12.4 For Rhel 9,Red Hat Enterprise Linux 9,Red Hat Directory Server 11,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8",6.5,MEDIUM,0.0006900000153109431,false,false,false,false,,false,false,2024-07-09T17:15:00.000Z,0
CVE-2023-39328,https://securityvulnerability.io/vulnerability/CVE-2023-39328,Openjpeg: denail of service via crafted image file,"A security flaw has been identified in the OpenJPEG library that allows attackers to circumvent existing security measures and induce application crashes. This vulnerability arises when applications process specially crafted files, potentially resulting in a denial of service. Developers and administrators are urged to review their implementations of OpenJPEG and apply necessary security patches to safeguard against these threats.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-09T14:15:00.000Z,0
CVE-2024-6409,https://securityvulnerability.io/vulnerability/CVE-2024-6409,Signal Handler Race Condition Vulnerability in OpenSSH sshd,"A race condition vulnerability exists in how signals are managed by OpenSSH's server (sshd). This issue arises when signals are processed asynchronously after a remote attacker fails to authenticate within a designated time frame. The asynchronous execution of the SIGALRM handler invokes various functions, including syslog(), which are not considered safe for asynchronous signal execution. Exploiting this vulnerability may lead to unauthorized remote code execution by an attacker as an unprivileged user on the affected server, endangering the integrity and security of the system. Administrators are urged to apply relevant patches and updates to mitigate these risks.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",7,HIGH,0.0004400000034365803,false,true,false,true,,true,false,2024-07-08T17:57:10.517Z,6583
CVE-2024-6505,https://securityvulnerability.io/vulnerability/CVE-2024-6505,Heap Overflow Vulnerability in QEMU's virtio-net Device,"A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-05T13:51:38.241Z,0
CVE-2024-4467,https://securityvulnerability.io/vulnerability/CVE-2024-4467,QEMU qemu-img Vulnerability: Memory or CPU Consumption Denial of Service,"A vulnerability exists in the QEMU disk image utility related to the 'info' command, where a specially crafted image file containing a specific JSON value can cause the qemu-img process to use an excessive amount of system resources. This behavior may result in resource exhaustion, potentially leading to a denial of service. The exploit can also enable unauthorized read/write access to existing external files on the host system, creating a significant security risk for affected environments.",Red Hat,"Advanced Virtualization For Rhel 8.2.1,Advanced Virtualization For Rhel 8.4.0.eus,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Openshift Virtualization 4",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-07-02T16:15:00.000Z,0
CVE-2024-6387,https://securityvulnerability.io/vulnerability/CVE-2024-6387,Signal Handler Race Condition in OpenSSH's Server,"A regression vulnerability discovered in OpenSSH's server (sshd) involves a race condition affecting the handling of signals. This vulnerability allows an attacker to exploit the sshd service by failing to authenticate within a specified timeframe. If successfully triggered, this flaw could alter the normal operation of the sshd service. As a result, an unauthenticated remote attacker may gain the ability to execute arbitrary code, potentially compromising the affected system. This vulnerability underscores the importance of timely security updates and robust configurations to safeguard systems running OpenSSH.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Openshift Container Platform 4",8.1,HIGH,0.0031900000758469105,false,true,false,true,true,true,true,2024-07-01T12:37:25.431Z,159237
CVE-2024-6239,https://securityvulnerability.io/vulnerability/CVE-2024-6239,Pdfinfo Utility Vulnerable to Denial of Service Attack,"A vulnerability in Red Hat's Poppler's Pdfinfo utility can be exploited when the -dests parameter is used with malformed input files. This flaw can lead to crashes of the pdfinfo utility, potentially causing a denial of service. Attackers may leverage this condition to disrupt normal operations of systems utilizing this utility, thereby impacting service availability.",Red Hat,",Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.5,HIGH,0.0014100000262260437,false,false,false,false,,false,false,2024-06-21T13:28:23.857Z,0
CVE-2024-5953,https://securityvulnerability.io/vulnerability/CVE-2024-5953,Denial of Service Vulnerability in 389-ds-base LDAP Server,A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.,Red Hat,"Red Hat Directory Server 11.7 For Rhel 8,Red Hat Directory Server 11.9 For Rhel 8,Red Hat Directory Server 12.2 Eus For Rhel 9,Red Hat Directory Server 12.4 For Rhel 9,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",5.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-06-18T10:01:56.714Z,0
CVE-2024-5742,https://securityvulnerability.io/vulnerability/CVE-2024-5742,GNU Nano Vulnerability Allows Privilege Escalation Through Insecure Temporary File,"A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9",6.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-06-12T08:53:02.256Z,0
CVE-2024-2698,https://securityvulnerability.io/vulnerability/CVE-2024-2698,Missing condition for granting 'forwardable' flag on S4U2Self tickets,"A flaw exists in FreeIPA concerning the initial implementation of MS-SFU by MIT Kerberos, where the condition for granting the 'forwardable' flag was overlooked in S4U2Self tickets. This flaw necessitated an adjustment in the check_allowed_to_delegate() function: a NULL target service argument indicates that the KDC is investigating general constrained delegation rules instead of a specific S4U2Proxy request. In FreeIPA version 4.11.0, the ipadb_match_acl() functionality was modified to reflect changes from upstream MIT Kerberos 1.20. Nonetheless, an oversight caused this mechanism to apply improperly, allowing S4U2Proxy requests to be granted regardless of the existence of a corresponding service delegation rule.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",8.8,HIGH,0.0005600000149570405,false,false,false,false,,false,false,2024-06-12T08:03:49.013Z,0