cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12084,https://securityvulnerability.io/vulnerability/CVE-2024-12084,Heap-based Buffer Overflow Vulnerability in Rsync Daemon by Red Hat,"A heap-based buffer overflow vulnerability has been identified in the rsync daemon, attributable to improper management of attacker-controlled checksum lengths (s2length). This weakness arises when the maximum digest length exceeds the designated fixed length of 16 bytes, allowing an attacker to exploit the flaw and write outside the allocated memory in the sum2 buffer. Such exploitation could potentially compromise system integrity and lead to unauthorized access or data manipulation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",9.8,CRITICAL,0.0006300000241026282,false,true,false,true,false,true,false,2025-01-15T14:16:35.363Z,6131
CVE-2024-11029,https://securityvulnerability.io/vulnerability/CVE-2024-11029,Flaw in FreeIPA API Audit Leads to Credential Exposure,"A significant flaw was identified in the FreeIPA API audit process where it logs entire FreeIPA command lines to journalctl. This flaw leads to unintended leakage of sensitive information, particularly administrative user credentials, during the installation phase. If the journal log is centralized, individuals with access to these logs could improperly obtain the administrator's password, posing a serious security risk. Proper remediation and patching are essential to protect administrative accounts and sensitive data.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8",5.5,MEDIUM,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-15T12:55:30.964Z,0
CVE-2024-12088,https://securityvulnerability.io/vulnerability/CVE-2024-12088,Path Traversal Vulnerability in Rsync Affects Multiple Platforms,"A vulnerability exists in Rsync when utilizing the `--safe-links` option. The software fails to properly validate symbolic link destinations, allowing the potential for a path traversal attack. This flaw may permit unauthorized file writes to locations outside the intended directory, posing a significant risk to systems using affected Rsync versions. It is crucial for users to evaluate their use of Rsync and apply any necessary patches to mitigate this risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-12087,https://securityvulnerability.io/vulnerability/CVE-2024-12087,Path Traversal Vulnerability in rsync Affects Red Hat,"A path traversal vulnerability in rsync allows a malicious server to exploit the `--inc-recursive` option, which is often enabled by default. This vulnerability arises from insufficient symlink verification and deduplication checks that occur on a per-file-list basis. An attacker could leverage this flaw to write files outside of the client's intended destination directory, potentially placing harmful files in arbitrary locations that mimic valid directories and paths on the client system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-12085,https://securityvulnerability.io/vulnerability/CVE-2024-12085,Rsync Daemon Memory Leak Vulnerability in Red Hat Products,"A vulnerability exists in the rsync daemon which can be exploited during the comparison of file checksums. An attacker can manipulate the checksum length, leading to potential leaks of one byte of uninitialized stack data at a time. This weakness could allow unauthorized access to sensitive information in memory, posing a security risk to affected systems.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4",7.5,HIGH,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,233
CVE-2024-12086,https://securityvulnerability.io/vulnerability/CVE-2024-12086,File Enumeration Vulnerability in rsync by Red Hat,"A vulnerability in rsync has been identified that allows a server to expose the contents of files located on a client's machine. This issue arises during the process of file synchronization, where the rsync server transmits checksums of its local files to a client for comparison, determining which files need to be transferred. By exploiting this vulnerability, an attacker can craft specific checksum values to coax the rsync server into divulging sensitive information about arbitrary files. This enables a potential attacker to reconstruct the data from these files byte by byte, posing a significant risk to the integrity and confidentiality of sensitive information.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.1,MEDIUM,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-14T17:37:54.960Z,0
CVE-2025-0306,https://securityvulnerability.io/vulnerability/CVE-2025-0306,Ruby Interpreter Vulnerability Affecting Messaging Security,"A vulnerability exists within the Ruby interpreter that is susceptible to the Marvin Attack. This weakness enables attackers to decrypt previously secured messages and fabricate signatures. By exchanging an extensive number of messages with the affected Ruby service, an attacker can compromise the integrity and confidentiality of the communication, posing significant risks to sensitive data.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3",7.4,HIGH,0.000910000002477318,false,false,false,false,false,false,false,2025-01-09T04:05:42.194Z,0
CVE-2024-56827,https://securityvulnerability.io/vulnerability/CVE-2024-56827,Heap Buffer Overflow in OpenJPEG Project Affecting Multiple Applications,"A vulnerability exists in the OpenJPEG project, where a heap buffer overflow may occur when specific parameters are utilized within the opj_decompress utility. This flaw can lead to application crashes or unpredictable behavior, compromising software reliability and security. Users are encouraged to review their OpenJPEG implementations and apply necessary mitigations to safeguard against potential exploitation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,false,false,false,2025-01-09T03:40:30.512Z,0
CVE-2024-56826,https://securityvulnerability.io/vulnerability/CVE-2024-56826,Heap Buffer Overflow in OpenJPEG Affects Multiple Releases,"A heap buffer overflow vulnerability has been identified within the OpenJPEG project. This flaw arises when using specific options with the opj_decompress utility. Exploitation of this vulnerability may lead to application crashes or unexpected behavior, posing potential risks to data integrity and system stability. Users are advised to evaluate their use of affected OpenJPEG versions and implement necessary updates.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,false,false,false,2025-01-09T03:40:24.613Z,0
CVE-2024-49395,https://securityvulnerability.io/vulnerability/CVE-2024-49395,Leakage of Bcc Email Header Field via Inference from Recipients Information,"In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-12T02:08:03.548Z,0
CVE-2024-49394,https://securityvulnerability.io/vulnerability/CVE-2024-49394,Unsigned In-Reply-To Emails Vulnerability Allows Impersonation,In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.,Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-12T02:07:19.551Z,0
CVE-2024-49393,https://securityvulnerability.io/vulnerability/CVE-2024-49393,Email header validation vulnerability risk,"In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-11-12T01:55:40.765Z,0
CVE-2024-11079,https://securityvulnerability.io/vulnerability/CVE-2024-11079,Ansible-Core Vulnerability Allows Bypass of Unsafe Content Protections,A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.,Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux Ai (rhel Ai)",5.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-12T00:15:00.000Z,0
CVE-2024-10963,https://securityvulnerability.io/vulnerability/CVE-2024-10963,Pam_Access Vulnerability: Bypassing Access Restrictions through Token Manipulation,"A vulnerability exists in PAM Access whereby certain entries in its configuration file can be incorrectly recognized as hostnames. This flaw enables attackers to masquerade as legitimate hostnames, potentially leading to unauthorized access to services and terminals. Systems leveraging PAM Access for managing user authentication could be compromised due to this misconfiguration issue, creating a significant risk for organizations relying on these security measures.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-11-07T16:02:34.873Z,0
CVE-2024-9632,https://securityvulnerability.io/vulnerability/CVE-2024-9632,"X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation","A flaw exists in the X.org server that stems from an improper handling of allocation size in the _XkbSetCompatMap function. This vulnerability allows a local attacker to potentially exploit this issue by sending a specially crafted payload, which could result in a buffer overflow condition. If successfully exploited, this vulnerability may lead to denial of service or enable local privilege escalation in environments where the X.org server operates with elevated permissions, specifically with root access. It is crucial for administrators to review their configurations and apply necessary security updates to mitigate the risks associated with this vulnerability.",Red Hat,",Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-10-30T07:42:35.320Z,0
CVE-2024-9050,https://securityvulnerability.io/vulnerability/CVE-2024-9050,Networkmanager-libreswan: local privilege escalation via leftupdown,"A security flaw exists in the libreswan client plugin for NetworkManager, specifically within its handling of VPN configurations. This vulnerability arises from improper sanitation of the configuration input provided by local unprivileged users. This key-value format configuration management fails to adequately escape special characters, causing the application to misinterpret values as keys. This misconfiguration could allow malicious actors to manipulate key parameters such as 'leftupdown', which is capable of running executable commands. Because NetworkManager employs Polkit to permit unprivileged users to alter system network settings, an attacker could escalate privileges locally, potentially leading to root-level code execution on the affected system by crafting a malicious configuration.",Red Hat,"Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9",7.8,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-10-22T13:15:00.000Z,0
CVE-2024-9979,https://securityvulnerability.io/vulnerability/CVE-2024-9979,Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes,"A flaw in PyO3 enables a use-after-free issue that can result in memory corruption or application crashes. This vulnerability stems from unsound borrowing from weak Python references, which could be exploited by attackers or inadvertently trigger instability in applications that rely on the affected library. Developers utilizing PyO3 should review their code for instances that may be influenced by this vulnerability and ensure they adopt the latest secure version to mitigate potential risks.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T14:01:54.309Z,0
CVE-2024-8612,https://securityvulnerability.io/vulnerability/CVE-2024-8612,"QEMU Vendor Flaw Affects virtio-scsi, virtio-blk, and virtio-crypto Devices","A vulnerability exists within QEMU, particularly affecting the virtio-scsi, virtio-blk, and virtio-crypto devices. This arises from a flaw in the virtqueue_push process where the size parameter can exceed the actual data size sent to the guest. Consequently, when the dma_memory_unmap function is invoked, it may erroneously call the address_space_write function to write back potentially sensitive information. This process can inadvertently expose uninitialized data from the bounce buffer, leading to an information leak that poses a security risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",3.8,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-09-20T18:15:00.000Z,0
CVE-2024-8354,https://securityvulnerability.io/vulnerability/CVE-2024-8354,QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-19T10:45:06.191Z,0
CVE-2024-8939,https://securityvulnerability.io/vulnerability/CVE-2024-8939,Denial of Service Vulnerability in ilab Model Serve Component by Red Hat,"A vulnerability in the ilab model serve component could be exploited by sending a large value to the best_of parameter in its JSON web API, which is responsible for LLM-based sentence or chat completions. This improper handling can lead to unhandled timeouts and resource exhaustion, allowing attackers to overload the system. As a result, the API may become unresponsive, interrupting access for legitimate users and causing significant service disruptions.",Red Hat,",Red Hat Enterprise Linux Ai (rhel Ai)",6.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-17T17:15:00.000Z,0
CVE-2024-8775,https://securityvulnerability.io/vulnerability/CVE-2024-8775,Ansible Vault Flaw Exposes Sensitive Information in Plaintext,"A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux Ai (rhel Ai)",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-09-14T03:15:00.000Z,0
CVE-2024-8443,https://securityvulnerability.io/vulnerability/CVE-2024-8443,Heap-based buffer overflow vulnerability in libopensc OpenPGP driver could lead to arbitrary code execution,"A heap-based buffer overflow vulnerability exists within the libopensc OpenPGP driver. This vulnerability can be exploited by a crafted USB device or a smart card delivering malicious APDU responses during the card enrollment process using the `pkcs15-init` tool. This exploitation may allow attackers to execute arbitrary code, thereby compromising the integrity and confidentiality of the affected system.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",2.9,LOW,0.0004400000034365803,false,false,false,false,,false,false,2024-09-10T13:16:51.146Z,0
CVE-2024-8445,https://securityvulnerability.io/vulnerability/CVE-2024-8445,Insufficient Fix for Server Crash Vulnerability in 389-ds-base,"An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the `userPassword` attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.",Red Hat,"Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-05T14:24:01.125Z,0
CVE-2024-8418,https://securityvulnerability.io/vulnerability/CVE-2024-8418,Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service,"Aardvark-dns has a vulnerability that allows attackers to conduct Denial of Service (DoS) attacks through improper handling of TCP DNS queries. The flaw arises from the serial processing of these queries, which permits an attacker to maintain a TCP connection indefinitely. This behavior can lead to the DNS server becoming unresponsive as legitimate queries time out, greatly affecting DNS service availability and disrupting normal operations for users.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",7.5,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-04T15:15:00.000Z,0
CVE-2024-8235,https://securityvulnerability.io/vulnerability/CVE-2024-8235,Crash of virtinterfaced Daemon Due to NULL Pointer Dereference,A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-08-30T17:15:00.000Z,0