cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8445,https://securityvulnerability.io/vulnerability/CVE-2024-8445,Insufficient Fix for Server Crash Vulnerability in 389-ds-base,"An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the `userPassword` attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.",Red Hat,"Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-05T14:24:01.125Z,0
CVE-2024-6237,https://securityvulnerability.io/vulnerability/CVE-2024-6237,389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request,"A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.",Red Hat,"Red Hat Directory Server 12.4 For Rhel 9,Red Hat Enterprise Linux 9,Red Hat Directory Server 11,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8",6.5,MEDIUM,0.0006900000153109431,false,false,false,false,,false,false,2024-07-09T17:15:00.000Z,0
CVE-2024-5953,https://securityvulnerability.io/vulnerability/CVE-2024-5953,Denial of Service Vulnerability in 389-ds-base LDAP Server,A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.,Red Hat,"Red Hat Directory Server 11.7 For Rhel 8,Red Hat Directory Server 11.9 For Rhel 8,Red Hat Directory Server 12.2 Eus For Rhel 9,Red Hat Directory Server 12.4 For Rhel 9,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",5.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-06-18T10:01:56.714Z,0
CVE-2024-3657,https://securityvulnerability.io/vulnerability/CVE-2024-3657,LDAP Query Flaw Leads to Denial of Service on 389-ds-base Directory Server,"A vulnerability exists in the 389-ds-base software, where an attacker can exploit a specially-crafted Lightweight Directory Access Protocol (LDAP) query. This exploitation can lead to a failure of the directory server, resulting in a denial of service (DoS). The flaw presents a significant risk for users relying on the directory service for critical operations and could disrupt network communications. It is crucial for organizations using this product to monitor their systems and apply necessary patches to mitigate the risk.",Red Hat,"Red Hat Directory Server 11.7 For Rhel 8,Red Hat Directory Server 11.8 For Rhel 8,Red Hat Directory Server 11.9 For Rhel 8,Red Hat Directory Server 12.2 Eus For Rhel 9,Red Hat Directory Server 12.4 For Rhel 9,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-05-28T12:53:03.399Z,0
CVE-2024-1394,https://securityvulnerability.io/vulnerability/CVE-2024-1394,Memory Leak Vulnerability in Golang RSA Code Could Lead to Resource Exhaustion,"A memory leak flaw has been identified in the RSA encrypting and decrypting code of the Golang FIPS OpenSSL library. This issue arises from improper handling of named return parameters, specifically within the RSA library's context initialization process. When errors occur during context initialization or property settings, the related pointers, namely 'pkey' and 'ctx', are left unfreed, leading to a potential resource exhaustion vulnerability. Attackers can exploit this flaw through crafted inputs, causing the application to exhaust memory resources.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Developer Tools,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Rhodf-4.16-rhel-9,Nbde Tang Server,Openshift Developer Tools And Services,Openshift Pipelines,Openshift Serverless,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Certification For Red Hat Enterprise Linux 8,Red Hat Certification For Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Gitops,Red Hat Openshift On Aws,Red Hat Openshift Virtualization 4,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0,Red Hat Service Interconnect 1,Red Hat Software Collections,Red Hat Storage 3",7.5,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2024-03-21T12:16:38.790Z,0
CVE-2024-21886,https://securityvulnerability.io/vulnerability/CVE-2024-21886,Heap Buffer Overflow Flaw in X.Org Server Could Lead to Application Crash or Remote Code Execution,"A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.",Red Hat,"Xorg-server,Xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Fedora",,,0.0004400000034365803,false,false,false,false,,false,false,2024-02-28T12:13:12.555Z,0
CVE-2024-1062,https://securityvulnerability.io/vulnerability/CVE-2024-1062,Heap Overflow Flaw Leads to Denial of Service in 389-ds-base,A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.,Red Hat,"Red Hat Directory Server 11.7 For Rhel 8,Red Hat Directory Server 11.8 For Rhel 8,Red Hat Directory Server 12.2 Eus For Rhel 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-02-12T13:04:39.944Z,0
CVE-2024-0229,https://securityvulnerability.io/vulnerability/CVE-2024-0229,"X.Org Server Vulnerability Could Lead to Application Crash, Privilege Escalation, or Remote Code Execution","The vulnerability arises from an out-of-bounds memory access flaw present in the X.Org server, a software that handles graphical displays in Unix-like operating systems. This flaw is triggered when a device that has been 'frozen' by a sync grab is subsequently reattached to a new master device, creating a condition where improper memory access can occur. Exploitation of this vulnerability may lead to application crashes, and in scenarios where the server operates with elevated privileges, it could enable local privilege escalation. Additionally, in environments that utilize SSH X11 forwarding, this defect poses a risk of remote code execution, presenting significant security challenges for users relying on this system.",Red Hat,"xorg-server,xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Fedora",7.8,HIGH,0.0012499999720603228,false,false,false,false,,false,false,2024-02-09T06:29:51.542Z,0
CVE-2024-0409,https://securityvulnerability.io/vulnerability/CVE-2024-0409,Xorg-x11-server: selinux context corruption,"A vulnerability exists within the X.Org server that affects the cursor code utilized in both Xephyr and Xwayland. The issue arises from the use of an incorrect type of private at the cursor's creation, specifically using the cursor bits type. This misconfiguration leads to overwriting of the XSELINUX context during the cursor initialization process, potentially compromising system security and functionality. Users of these products should evaluate their configurations and consider applying relevant patches to mitigate potential risks associated with this vulnerability.",Red Hat,"Xorg-server,Xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2024-01-18T15:40:22.071Z,0
CVE-2024-0408,https://securityvulnerability.io/vulnerability/CVE-2024-0408,Xorg-x11-server: selinux unlabeled glx pbuffer,"A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.",Red Hat,"Xorg-server,Xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-01-18T15:40:06.955Z,0
CVE-2023-5574,https://securityvulnerability.io/vulnerability/CVE-2023-5574,Xorg-x11-server: use-after-free bug in damagedestroy,"A use-after-free vulnerability has been identified in the xorg-x11-server-Xvfb component, which is particularly prone in legacy configurations involving multi-screen setups, commonly referred to as Zaphod mode. This issue arises when a pointer is moved from one screen to another (from screen 1 to screen 0) during the shutdown or reset of the Xvfb server, potentially leading to privilege escalation or a denial of service. System administrators utilizing this server configuration should take urgent measures to mitigate risks associated with this flaw.",Red Hat,"xorg-server,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7,HIGH,0.0037499999161809683,false,false,false,false,,false,false,2023-10-25T20:15:00.000Z,0
CVE-2022-4132,https://securityvulnerability.io/vulnerability/CVE-2022-4132,Memory leak on tls connections,A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).,Red Hat,"Jss,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Extra Packages For Enterprise Linux,Fedora",5.9,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2023-10-04T11:26:11.191Z,0
CVE-2022-4245,https://securityvulnerability.io/vulnerability/CVE-2022-4245,Codehaus-plexus: xml external entity (xxe) injection,A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.,Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",4.3,MEDIUM,0.0034099998883903027,false,false,false,false,,false,false,2023-09-25T19:20:57.329Z,0
CVE-2022-4244,https://securityvulnerability.io/vulnerability/CVE-2022-4244,Codehaus-plexus: directory traversal,"A directory traversal vulnerability exists within the Codeplex-Codehaus product, enabling attackers to exploit the flaw by using sequences such as 'dot-dot-slash (../)' or absolute file paths. This could allow unauthorized access to sensitive files and directories beyond the designated folder structure. Exploitation of this vulnerability can potentially expose critical resources, including application source code, configuration files, and other sensitive system files, posing significant risks to system security and integrity.",Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",7.5,HIGH,0.001120000029914081,false,false,false,false,,false,false,2023-09-25T19:20:04.703Z,0