cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12243,https://securityvulnerability.io/vulnerability/CVE-2024-12243,Denial-of-Service Vulnerability in GnuTLS Affecting libtasn1,"A vulnerability has been identified in GnuTLS due to an inefficient algorithm within libtasn1 responsible for ASN.1 data processing. This flaw permits a remote attacker to craft specific DER-encoded certificates that can compel GnuTLS to consume excessive resources, leading to potential unresponsiveness or slow performance. Consequently, this may result in a denial-of-service condition, disrupting normal operations.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-02-10T15:28:10.328Z,0
CVE-2024-12133,https://securityvulnerability.io/vulnerability/CVE-2024-12133,Denial of Service Vulnerability in libtasn1 Affects Red Hat Products,"A vulnerability in libtasn1 leads to inefficient processing of certain certificate data, particularly when handling a large number of elements. This inefficiency can result in excessive delays or system crashes. Attackers could exploit this flaw by sending a specially crafted certificate, which may disrupt service availability and lead to denial of service conditions in affected systems.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-02-10T15:28:03.193Z,0
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2025-0650,https://securityvulnerability.io/vulnerability/CVE-2025-0650,Access Control Flaw in Open Virtual Network by Red Hat,"A flaw exists in the Open Virtual Network (OVN) where specially crafted UDP packets can bypass egress access control lists (ACLs). This vulnerability is present when a logical switch with DNS records configured and associated egress ACLs is utilized. Attackers could potentially exploit this flaw to gain unauthorized access to virtual machines and containers, leading to security breaches in OVN networks.",Red Hat,"Fast Datapath For Red Hat Enterprise Linux 8,Fast Datapath For Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",8.1,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-23T16:34:31.390Z,0
CVE-2024-11218,https://securityvulnerability.io/vulnerability/CVE-2024-11218,Container Breakout Vulnerability in Podman and Buildah,"A vulnerability exists in Podman and Buildah that allows for a container breakout, particularly when using the '--jobs=2' option during the build process of a malicious Containerfile. This vulnerability exploits a race condition that may lead to the exposure of files and directories on the host system. Though using SELinux can provide some degree of mitigation, it does not completely prevent the enumeration of sensitive host file systems, posing a risk for affected users.",Red Hat,"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Red Hat Enterprise Linux 8,Red Hat Openshift Container Platform 4",8.6,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-22T04:55:30.649Z,359
CVE-2024-12084,https://securityvulnerability.io/vulnerability/CVE-2024-12084,Heap-based Buffer Overflow Vulnerability in Rsync Daemon by Red Hat,"A heap-based buffer overflow vulnerability has been identified in the rsync daemon, attributable to improper management of attacker-controlled checksum lengths (s2length). This weakness arises when the maximum digest length exceeds the designated fixed length of 16 bytes, allowing an attacker to exploit the flaw and write outside the allocated memory in the sum2 buffer. Such exploitation could potentially compromise system integrity and lead to unauthorized access or data manipulation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",9.8,CRITICAL,0.0006300000241026282,false,,true,false,true,2025-01-15T17:00:18.000Z,false,true,true,2025-01-23T10:52:02.325Z,2025-01-15T14:16:35.363Z,6131
CVE-2024-11029,https://securityvulnerability.io/vulnerability/CVE-2024-11029,Flaw in FreeIPA API Audit Leads to Credential Exposure,"A significant flaw was identified in the FreeIPA API audit process where it logs entire FreeIPA command lines to journalctl. This flaw leads to unintended leakage of sensitive information, particularly administrative user credentials, during the installation phase. If the journal log is centralized, individuals with access to these logs could improperly obtain the administrator's password, posing a serious security risk. Proper remediation and patching are essential to protect administrative accounts and sensitive data.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8",5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-15T12:55:30.964Z,0
CVE-2024-12085,https://securityvulnerability.io/vulnerability/CVE-2024-12085,Rsync Daemon Memory Leak Vulnerability in Red Hat Products,"A vulnerability exists in the rsync daemon which can be exploited during the comparison of file checksums. An attacker can manipulate the checksum length, leading to potential leaks of one byte of uninitialized stack data at a time. This weakness could allow unauthorized access to sensitive information in memory, posing a security risk to affected systems.",Red Hat,"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - Extension,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Logging Subsystem For Red Hat Openshift",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,242
CVE-2024-12087,https://securityvulnerability.io/vulnerability/CVE-2024-12087,Path Traversal Vulnerability in rsync Affects Red Hat,"A path traversal vulnerability in rsync allows a malicious server to exploit the `--inc-recursive` option, which is often enabled by default. This vulnerability arises from insufficient symlink verification and deduplication checks that occur on a per-file-list basis. An attacker could leverage this flaw to write files outside of the client's intended destination directory, potentially placing harmful files in arbitrary locations that mimic valid directories and paths on the client system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-12088,https://securityvulnerability.io/vulnerability/CVE-2024-12088,Path Traversal Vulnerability in Rsync Affects Multiple Platforms,"A vulnerability exists in Rsync when utilizing the `--safe-links` option. The software fails to properly validate symbolic link destinations, allowing the potential for a path traversal attack. This flaw may permit unauthorized file writes to locations outside the intended directory, posing a significant risk to systems using affected Rsync versions. It is crucial for users to evaluate their use of Rsync and apply any necessary patches to mitigate this risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-12086,https://securityvulnerability.io/vulnerability/CVE-2024-12086,File Enumeration Vulnerability in rsync by Red Hat,"A vulnerability in rsync has been identified that allows a server to expose the contents of files located on a client's machine. This issue arises during the process of file synchronization, where the rsync server transmits checksums of its local files to a client for comparison, determining which files need to be transferred. By exploiting this vulnerability, an attacker can craft specific checksum values to coax the rsync server into divulging sensitive information about arbitrary files. This enables a potential attacker to reconstruct the data from these files byte by byte, posing a significant risk to the integrity and confidentiality of sensitive information.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T17:37:54.960Z,0
CVE-2025-0306,https://securityvulnerability.io/vulnerability/CVE-2025-0306,Ruby Interpreter Vulnerability Affecting Messaging Security,"A vulnerability exists within the Ruby interpreter that is susceptible to the Marvin Attack. This weakness enables attackers to decrypt previously secured messages and fabricate signatures. By exchanging an extensive number of messages with the affected Ruby service, an attacker can compromise the integrity and confidentiality of the communication, posing significant risks to sensitive data.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3",7.4,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-09T04:05:42.194Z,0
CVE-2024-56827,https://securityvulnerability.io/vulnerability/CVE-2024-56827,Heap Buffer Overflow in OpenJPEG Project Affecting Multiple Applications,"A vulnerability exists in the OpenJPEG project, where a heap buffer overflow may occur when specific parameters are utilized within the opj_decompress utility. This flaw can lead to application crashes or unpredictable behavior, compromising software reliability and security. Users are encouraged to review their OpenJPEG implementations and apply necessary mitigations to safeguard against potential exploitation.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-09T03:40:30.512Z,0
CVE-2024-56826,https://securityvulnerability.io/vulnerability/CVE-2024-56826,Heap Buffer Overflow in OpenJPEG Affects Multiple Releases,"A heap buffer overflow vulnerability has been identified within the OpenJPEG project. This flaw arises when using specific options with the opj_decompress utility. Exploitation of this vulnerability may lead to application crashes or unexpected behavior, posing potential risks to data integrity and system stability. Users are advised to evaluate their use of affected OpenJPEG versions and implement necessary updates.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-09T03:40:24.613Z,0
CVE-2024-49395,https://securityvulnerability.io/vulnerability/CVE-2024-49395,Leakage of Bcc Email Header Field via Inference from Recipients Information,"In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T02:08:03.548Z,0
CVE-2024-49394,https://securityvulnerability.io/vulnerability/CVE-2024-49394,Unsigned In-Reply-To Emails Vulnerability Allows Impersonation,In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.,Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T02:07:19.551Z,0
CVE-2024-49393,https://securityvulnerability.io/vulnerability/CVE-2024-49393,Email header validation vulnerability risk,"In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-12T01:55:40.765Z,0
CVE-2024-9632,https://securityvulnerability.io/vulnerability/CVE-2024-9632,"X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation","A flaw exists in the X.org server that stems from an improper handling of allocation size in the _XkbSetCompatMap function. This vulnerability allows a local attacker to potentially exploit this issue by sending a specially crafted payload, which could result in a buffer overflow condition. If successfully exploited, this vulnerability may lead to denial of service or enable local privilege escalation in environments where the X.org server operates with elevated permissions, specifically with root access. It is crucial for administrators to review their configurations and apply necessary security updates to mitigate the risks associated with this vulnerability.",Red Hat,",Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-30T07:42:35.320Z,0
CVE-2024-9050,https://securityvulnerability.io/vulnerability/CVE-2024-9050,Networkmanager-libreswan: local privilege escalation via leftupdown,"A security flaw exists in the libreswan client plugin for NetworkManager, specifically within its handling of VPN configurations. This vulnerability arises from improper sanitation of the configuration input provided by local unprivileged users. This key-value format configuration management fails to adequately escape special characters, causing the application to misinterpret values as keys. This misconfiguration could allow malicious actors to manipulate key parameters such as 'leftupdown', which is capable of running executable commands. Because NetworkManager employs Polkit to permit unprivileged users to alter system network settings, an attacker could escalate privileges locally, potentially leading to root-level code execution on the affected system by crafting a malicious configuration.",Red Hat,"Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-22T13:15:00.000Z,0
CVE-2024-9676,https://securityvulnerability.io/vulnerability/CVE-2024-9676,Podman Vulnerable to Symlink Traversal Attack,"A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.",Red Hat,",Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Openshift Developer Tools And Services,Red Hat Openshift Container Platform 4,Red Hat Quay 3",6.5,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2024-10-15T15:27:33.665Z,0
CVE-2024-9979,https://securityvulnerability.io/vulnerability/CVE-2024-9979,Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes,"A flaw in PyO3 enables a use-after-free issue that can result in memory corruption or application crashes. This vulnerability stems from unsound borrowing from weak Python references, which could be exploited by attackers or inadvertently trigger instability in applications that rely on the affected library. Developers utilizing PyO3 should review their code for instances that may be influenced by this vulnerability and ensure they adopt the latest secure version to mitigate potential risks.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T14:01:54.309Z,0
CVE-2024-8612,https://securityvulnerability.io/vulnerability/CVE-2024-8612,"QEMU Vendor Flaw Affectsvirtio-scsi, virtio-blk, and virtio-crypto Devices","A vulnerability exists within QEMU, particularly affecting the virtio-scsi, virtio-blk, and virtio-crypto devices. This arises from a flaw in the virtqueue_push process where the size parameter can exceed the actual data size sent to the guest. Consequently, when the dma_memory_unmap function is invoked, it may erroneously call the address_space_write function to write back potentially sensitive information. This process can inadvertently expose uninitialized data from the bounce buffer, leading to an information leak that poses a security risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",3.8,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-20T18:15:00.000Z,0
CVE-2024-8354,https://securityvulnerability.io/vulnerability/CVE-2024-8354,QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-19T10:45:06.191Z,0
CVE-2024-8443,https://securityvulnerability.io/vulnerability/CVE-2024-8443,Heap-based buffer overflow vulnerability in libopensc OpenPGP driver could lead to arbitrary code execution,"A heap-based buffer overflow vulnerability exists within the libopensc OpenPGP driver. This vulnerability can be exploited by a crafted USB device or a smart card delivering malicious APDU responses during the card enrollment process using the `pkcs15-init` tool. This exploitation may allow attackers to execute arbitrary code, thereby compromising the integrity and confidentiality of the affected system.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",2.9,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-10T13:16:51.146Z,0
CVE-2024-8445,https://securityvulnerability.io/vulnerability/CVE-2024-8445,Insufficient Fix for Server Crash Vulnerability in 389-ds-base,"An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the `userPassword` attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.",Red Hat,"Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-05T14:24:01.125Z,0