cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0306,https://securityvulnerability.io/vulnerability/CVE-2025-0306,Ruby Interpreter Vulnerability Affecting Messaging Security,"A vulnerability exists within the Ruby interpreter that is susceptible to the Marvin Attack. This weakness enables attackers to decrypt previously secured messages and fabricate signatures. By exchanging an extensive number of messages with the affected Ruby service, an attacker can compromise the integrity and confidentiality of the communication, posing significant risks to sensitive data.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3",7.4,HIGH,0.000910000002477318,false,false,false,false,false,false,false,2025-01-09T04:05:42.194Z,0
CVE-2024-56827,https://securityvulnerability.io/vulnerability/CVE-2024-56827,Heap Buffer Overflow in OpenJPEG Project Affecting Multiple Applications,"A vulnerability exists in the OpenJPEG project, where a heap buffer overflow may occur when specific parameters are utilized within the opj_decompress utility. This flaw can lead to application crashes or unpredictable behavior, compromising software reliability and security. Users are encouraged to review their OpenJPEG implementations and apply necessary mitigations to safeguard against potential exploitation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,false,false,false,2025-01-09T03:40:30.512Z,0
CVE-2024-56826,https://securityvulnerability.io/vulnerability/CVE-2024-56826,Heap Buffer Overflow in OpenJPEG Affects Multiple Releases,"A heap buffer overflow vulnerability has been identified within the OpenJPEG project. This flaw arises when using specific options with the opj_decompress utility. Exploitation of this vulnerability may lead to application crashes or unexpected behavior, posing potential risks to data integrity and system stability. Users are advised to evaluate their use of affected OpenJPEG versions and implement necessary updates.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,false,false,false,2025-01-09T03:40:24.613Z,0
CVE-2024-49395,https://securityvulnerability.io/vulnerability/CVE-2024-49395,Leakage of Bcc Email Header Field via Inference from Recipients Information,"In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-12T02:08:03.548Z,0
CVE-2024-49394,https://securityvulnerability.io/vulnerability/CVE-2024-49394,Unsigned In-Reply-To Emails Vulnerability Allows Impersonation,In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.,Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-12T02:07:19.551Z,0
CVE-2024-49393,https://securityvulnerability.io/vulnerability/CVE-2024-49393,Email header validation vulnerability risk,"In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-11-12T01:55:40.765Z,0
CVE-2024-10963,https://securityvulnerability.io/vulnerability/CVE-2024-10963,Pam_Access Vulnerability: Bypassing Access Restrictions through Token Manipulation,"A vulnerability exists in PAM Access whereby certain entries in its configuration file can be incorrectly recognized as hostnames. This flaw enables attackers to masquerade as legitimate hostnames, potentially leading to unauthorized access to services and terminals. Systems leveraging PAM Access for managing user authentication could be compromised due to this misconfiguration issue, creating a significant risk for organizations relying on these security measures.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-11-07T16:02:34.873Z,0
CVE-2024-9632,https://securityvulnerability.io/vulnerability/CVE-2024-9632,"X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation","A flaw exists in the X.org server that stems from an improper handling of allocation size in the _XkbSetCompatMap function. This vulnerability allows a local attacker to potentially exploit this issue by sending a specially crafted payload, which could result in a buffer overflow condition. If successfully exploited, this vulnerability may lead to denial of service or enable local privilege escalation in environments where the X.org server operates with elevated permissions, specifically with root access. It is crucial for administrators to review their configurations and apply necessary security updates to mitigate the risks associated with this vulnerability.",Red Hat,",Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-10-30T07:42:35.320Z,0
CVE-2024-9050,https://securityvulnerability.io/vulnerability/CVE-2024-9050,Networkmanager-libreswan: local privilege escalation via leftupdown,"A security flaw exists in the libreswan client plugin for NetworkManager, specifically within its handling of VPN configurations. This vulnerability arises from improper sanitation of the configuration input provided by local unprivileged users. This key-value format configuration management fails to adequately escape special characters, causing the application to misinterpret values as keys. This misconfiguration could allow malicious actors to manipulate key parameters such as 'leftupdown', which is capable of running executable commands. Because NetworkManager employs Polkit to permit unprivileged users to alter system network settings, an attacker could escalate privileges locally, potentially leading to root-level code execution on the affected system by crafting a malicious configuration.",Red Hat,"Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9",7.8,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-10-22T13:15:00.000Z,0
CVE-2024-9979,https://securityvulnerability.io/vulnerability/CVE-2024-9979,Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes,"A flaw in PyO3 enables a use-after-free issue that can result in memory corruption or application crashes. This vulnerability stems from unsound borrowing from weak Python references, which could be exploited by attackers or inadvertently trigger instability in applications that rely on the affected library. Developers utilizing PyO3 should review their code for instances that may be influenced by this vulnerability and ensure they adopt the latest secure version to mitigate potential risks.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T14:01:54.309Z,0
CVE-2024-9675,https://securityvulnerability.io/vulnerability/CVE-2024-9675,Buildah: buildah allows arbitrary directory mount,"A directory traversal vulnerability exists in Buildah, where cache mounts fail to properly validate user-specified paths against the designated cache directory. This flaw allows malicious users to utilize a 'RUN' instruction within a Container file to mount arbitrary directories from the host system into the container with read/write access. Such exploitation can lead to unauthorized access to host file systems, posing significant security risks for applications depending on Buildah.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Openshift Developer Tools And Services,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4,Red Hat Quay 3",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-10-09T15:15:00.000Z,0
CVE-2024-8612,https://securityvulnerability.io/vulnerability/CVE-2024-8612,"QEMU Vendor Flaw Affectsvirtio-scsi, virtio-blk, and virtio-crypto Devices","A vulnerability exists within QEMU, particularly affecting the virtio-scsi, virtio-blk, and virtio-crypto devices. This arises from a flaw in the virtqueue_push process where the size parameter can exceed the actual data size sent to the guest. Consequently, when the dma_memory_unmap function is invoked, it may erroneously call the address_space_write function to write back potentially sensitive information. This process can inadvertently expose uninitialized data from the bounce buffer, leading to an information leak that poses a security risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",3.8,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-09-20T18:15:00.000Z,0
CVE-2024-8354,https://securityvulnerability.io/vulnerability/CVE-2024-8354,QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-19T10:45:06.191Z,0
CVE-2024-8443,https://securityvulnerability.io/vulnerability/CVE-2024-8443,Heap-based buffer overflow vulnerability in libopensc OpenPGP driver could lead to arbitrary code execution,"A heap-based buffer overflow vulnerability exists within the libopensc OpenPGP driver. This vulnerability can be exploited by a crafted USB device or a smart card delivering malicious APDU responses during the card enrollment process using the `pkcs15-init` tool. This exploitation may allow attackers to execute arbitrary code, thereby compromising the integrity and confidentiality of the affected system.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",2.9,LOW,0.0004400000034365803,false,false,false,false,,false,false,2024-09-10T13:16:51.146Z,0
CVE-2024-8445,https://securityvulnerability.io/vulnerability/CVE-2024-8445,Insufficient Fix for Server Crash Vulnerability in 389-ds-base,"An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the `userPassword` attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.",Red Hat,"Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-05T14:24:01.125Z,0
CVE-2024-8418,https://securityvulnerability.io/vulnerability/CVE-2024-8418,Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service,"Aardvark-dns has a vulnerability that allows attackers to conduct Denial of Service (DoS) attacks through improper handling of TCP DNS queries. The flaw arises from the serial processing of these queries, which permits an attacker to maintain a TCP connection indefinitely. This behavior can lead to the DNS server becoming unresponsive as legitimate queries time out, greatly affecting DNS service availability and disrupting normal operations for users.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",7.5,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-04T15:15:00.000Z,0
CVE-2024-8235,https://securityvulnerability.io/vulnerability/CVE-2024-8235,Crash of virtinterfaced Daemon Due to NULL Pointer Dereference,A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-08-30T17:15:00.000Z,0
CVE-2024-7006,https://securityvulnerability.io/vulnerability/CVE-2024-7006,Libtiff: null pointer dereference in tif_dirinfo.c,"A null pointer dereference flaw has been identified in the Libtiff library, particularly in the `tif_dirinfo.c` component. This vulnerability could be exploited by an attacker to manipulate memory allocation processes, resulting in application crashes. The attack exploits conditions such as restricting heap space or injecting faults, which triggers segmentation faults. As a result, affected applications may experience unexpected terminations, leading to service disruptions. Organizations using Libtiff within their applications should implement appropriate mitigations to protect against this vulnerability.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9",7.5,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-43168,https://securityvulnerability.io/vulnerability/CVE-2024-43168,Unbound: heap-buffer-overflow in unbound,"A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",4.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-43167,https://securityvulnerability.io/vulnerability/CVE-2024-43167,Segmentation Fault Vulnerability in Unbound's ub_ctx_set_fwd Function,"A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",2.8,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-7409,https://securityvulnerability.io/vulnerability/CVE-2024-7409,QEMU NBD Server Vulnerability: DoS Attack via Socket Closure,A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.,Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.15,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",,,0.0004600000102072954,false,false,false,false,,false,false,2024-08-05T13:19:27.498Z,0
CVE-2024-7383,https://securityvulnerability.io/vulnerability/CVE-2024-7383," libnbd TLS Verification Vulnerability Allows Man-in-the-Middle Attack","A security flaw exists in libnbd impacting the verification process of the NBD server's certificate during TLS connections. This weakness can lead to a man-in-the-middle attack, compromising the integrity and confidentiality of the NBD traffic. System administrators and users of affected Red Hat products should take immediate actions to apply the necessary updates to mitigate this vulnerability and secure their environments.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 8 Advanced Virtualization",7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-08-05T13:19:13.933Z,0
CVE-2024-6655,https://securityvulnerability.io/vulnerability/CVE-2024-6655,Gtk3: gtk2: library injection from cwd,"A significant flaw has been identified within the GTK library, allowing an attacker to potentially inject a malicious library into a GTK application through manipulation of the current working directory. This vulnerability arises under specific conditions where the library path can be controlled, leading to possible exploitation of applications that utilize GTK for their graphical user interface. It poses risks to application integrity and could be exploited to execute arbitrary code in the context of the affected application. Mitigation and updates from vendors are essential to secure systems against this vulnerability.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9",7,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-07-16T15:15:00.000Z,0
CVE-2023-39329,https://securityvulnerability.io/vulnerability/CVE-2023-39329,Denial of Service Flaw in OpenJPEG Opj_t1_decode_cblks Function,"A flaw has been identified in the OpenJPEG imaging library that can lead to resource exhaustion. Specifically, the issue resides in the opj_t1_decode_cblks function within tcd.c. By processing a specially crafted image file, an attacker can exploit this vulnerability, potentially resulting in a denial of service condition.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-13T03:15:00.000Z,0
CVE-2023-39327,https://securityvulnerability.io/vulnerability/CVE-2023-39327,OpenJPEG Vulnerability Leads to Terminal Looping,"A vulnerability exists within the OpenJPEG library that can be exploited through specially crafted images. When such images are processed, the library may enter an infinite loop, resulting in excessive terminal output and potentially leading to resource exhaustion. This behavior can disrupt normal operations and diminish the availability of applications relying on the OpenJPEG library.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-13T03:15:00.000Z,0