cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12084,https://securityvulnerability.io/vulnerability/CVE-2024-12084,Heap-based Buffer Overflow Vulnerability in Rsync Daemon by Red Hat,"A heap-based buffer overflow vulnerability has been identified in the rsync daemon, attributable to improper management of attacker-controlled checksum lengths (s2length). This weakness arises when the maximum digest length exceeds the designated fixed length of 16 bytes, allowing an attacker to exploit the flaw and write outside the allocated memory in the sum2 buffer. Such exploitation could potentially compromise system integrity and lead to unauthorized access or data manipulation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",9.8,CRITICAL,0.0006300000241026282,false,,true,false,true,2025-01-15T17:00:18.000Z,false,true,true,2025-01-23T10:52:02.325Z,2025-01-15T14:16:35.363Z,6131
CVE-2024-8698,https://securityvulnerability.io/vulnerability/CVE-2024-8698,Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks,"CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The vulnerability allows attackers to create crafted responses that can bypass validation, potentially leading to privilege escalation or impersonation attacks. The impact of the exploitation can have a high impact on confidentiality, with lower impacts on integrity and availability. The vulnerability is addressed in Keycloak version 25.0.6 and organizations using Keycloak are strongly recommended to install updates as soon as possible. It is also recommended to implement updates from other vendors who rely on Keycloak for identity and access management. Upgrading to the newest version may provide safety from future exploitation, but it does not remediate historic compromise. At the time of reporting, no active exploitation of this vulnerability by ransomware groups was reported.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",7.7,HIGH,0.0007099999929778278,false,,true,false,true,2024-09-25T18:56:46.000Z,true,false,false,,2024-09-19T15:48:18.464Z,0
CVE-2024-3183,https://securityvulnerability.io/vulnerability/CVE-2024-3183,FreeIPA Vulnerability Allows Brute Force Attacks on Principal Passwords,"A vulnerability exists in FreeIPA related to the Kerberos ticket-granting service (TGS) request encryption method used during the authentication process. The issue arises when a TGS-REQ is encrypted with the client's session key, while the contained ticket relies on the target principal key for encryption. This situation exposes user principals to potential compromise, as the target key is derived from a password hash combined with a public, randomly-generated salt. If an attacker manages to compromise any principal, they can potentially decrypt tickets intended for other principals. This opens the door for brute-force attacks, allowing the acquisition of valid credentials by testing character strings against the encrypted tickets and salts offline.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",8.1,HIGH,0.0010499999625608325,false,,false,false,true,2024-08-14T23:24:58.000Z,true,false,false,,2024-06-12T08:18:51.691Z,0
CVE-2024-6409,https://securityvulnerability.io/vulnerability/CVE-2024-6409,Signal Handler Race Condition Vulnerability in OpenSSH sshd,"A race condition vulnerability exists in how signals are managed by OpenSSH's server (sshd). This issue arises when signals are processed asynchronously after a remote attacker fails to authenticate within a designated time frame. The asynchronous execution of the SIGALRM handler invokes various functions, including syslog(), which are not considered safe for asynchronous signal execution. Exploiting this vulnerability may lead to unauthorized remote code execution by an attacker as an unprivileged user on the affected server, endangering the integrity and security of the system. Administrators are urged to apply relevant patches and updates to mitigate these risks.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",7,HIGH,0.0004400000034365803,false,,true,false,true,2024-07-10T03:26:35.000Z,,true,false,,2024-07-08T17:57:10.517Z,6583
CVE-2024-6387,https://securityvulnerability.io/vulnerability/CVE-2024-6387,Signal Handler Race Condition in OpenSSH's Server,"A regression vulnerability discovered in OpenSSH's server (sshd) involves a race condition affecting the handling of signals. This vulnerability allows an attacker to exploit the sshd service by failing to authenticate within a specified timeframe. If successfully triggered, this flaw could alter the normal operation of the sshd service. As a result, an unauthenticated remote attacker may gain the ability to execute arbitrary code, potentially compromising the affected system. This vulnerability underscores the importance of timely security updates and robust configurations to safeguard systems running OpenSSH.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Openshift Container Platform 4",8.1,HIGH,0.0026100000832229853,false,,true,false,true,2024-07-01T01:00:00.000Z,true,true,true,2024-07-02T07:44:21.436Z,2024-07-01T12:37:25.431Z,159237
CVE-2024-3154,https://securityvulnerability.io/vulnerability/CVE-2024-3154,Arbitrary Systemd Property Injection Vulnerability in cri-o,"A vulnerability exists in the cri-o container runtime where attackers can inject arbitrary systemd properties through Pod annotations. This flaw allows any user with the capability to create a Pod to conduct unauthorized actions on the host system, posing significant security risks. Organizations utilizing affected versions of cri-o are advised to implement mitigations and updates to prevent potential exploitation.",Red Hat,"Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 3.11",7.2,HIGH,0.0004400000034365803,false,,false,false,true,2024-04-29T13:03:11.000Z,true,false,false,,2024-04-26T04:15:00.000Z,0