cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9632,https://securityvulnerability.io/vulnerability/CVE-2024-9632,"X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation","A flaw exists in the X.org server that stems from an improper handling of allocation size in the _XkbSetCompatMap function. This vulnerability allows a local attacker to potentially exploit this issue by sending a specially crafted payload, which could result in a buffer overflow condition. If successfully exploited, this vulnerability may lead to denial of service or enable local privilege escalation in environments where the X.org server operates with elevated permissions, specifically with root access. It is crucial for administrators to review their configurations and apply necessary security updates to mitigate the risks associated with this vulnerability.",Red Hat,",Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-10-30T07:42:35.320Z,0
CVE-2024-9050,https://securityvulnerability.io/vulnerability/CVE-2024-9050,Networkmanager-libreswan: local privilege escalation via leftupdown,"A security flaw exists in the libreswan client plugin for NetworkManager, specifically within its handling of VPN configurations. This vulnerability arises from improper sanitation of the configuration input provided by local unprivileged users. This key-value format configuration management fails to adequately escape special characters, causing the application to misinterpret values as keys. This misconfiguration could allow malicious actors to manipulate key parameters such as 'leftupdown', which is capable of running executable commands. Because NetworkManager employs Polkit to permit unprivileged users to alter system network settings, an attacker could escalate privileges locally, potentially leading to root-level code execution on the affected system by crafting a malicious configuration.",Red Hat,"Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9",7.8,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-10-22T13:15:00.000Z,0
CVE-2024-8445,https://securityvulnerability.io/vulnerability/CVE-2024-8445,Insufficient Fix for Server Crash Vulnerability in 389-ds-base,"An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the `userPassword` attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.",Red Hat,"Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-05T14:24:01.125Z,0
CVE-2024-5953,https://securityvulnerability.io/vulnerability/CVE-2024-5953,Denial of Service Vulnerability in 389-ds-base LDAP Server,A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.,Red Hat,"Red Hat Directory Server 11.7 For Rhel 8,Red Hat Directory Server 11.9 For Rhel 8,Red Hat Directory Server 12.2 Eus For Rhel 9,Red Hat Directory Server 12.4 For Rhel 9,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",5.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-06-18T10:01:56.714Z,0
CVE-2023-46847,https://securityvulnerability.io/vulnerability/CVE-2023-46847,Squid: denial of service in http digest authentication,"Squid is affected by a vulnerability that enables remote attackers to exploit a Denial of Service condition through a buffer overflow. When configured to accept HTTP Digest Authentication, the software can be manipulated to write up to 2 MB of arbitrary data to heap memory, potentially crashing the service or consuming resources, leading to degraded performance or downtime.",Red Hat,"Red Hat Enterprise Linux 6 Extended Lifecycle Support,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7.6 Advanced Update Support,Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support",7.5,HIGH,0.03130999952554703,false,false,false,false,,false,false,2023-11-03T08:15:00.000Z,0