cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T10:00:51.745Z,0
CVE-2023-3153,https://securityvulnerability.io/vulnerability/CVE-2023-3153,Service monitor mac flow is not rate limited,"A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.",Red Hat,"Ovn,Fast Datapath For Rhel 7,Fast Datapath For Rhel 8,Fast Datapath For Rhel 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 13 (queens),Fedora",5.3,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-10-04T12:15:00.000Z,0
CVE-2023-3223,https://securityvulnerability.io/vulnerability/CVE-2023-3223,Undertow: outofmemoryerror due to @multipartconfig handling,"A vulnerability has been identified in Undertow, where servlets annotated with @MultipartConfig may lead to an OutOfMemoryError during processing of large multipart content submissions. This flaw can enable unauthorized users to launch remote Denial of Service attacks. Importantly, if file size thresholds are employed to restrict uploads, attackers can bypass these limits by manipulating the request to set the file name to null, thus exploiting this weakness.",Red Hat,"Red Hat Fuse 7.12.1,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6.5,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Openstack Platform 13 (queens) Operational Tools,Red Hat Process Automation 7,Red Hat Support For Spring Boot",7.5,HIGH,0.011149999685585499,false,,false,false,false,,,false,false,,2023-09-27T15:18:00.000Z,0
CVE-2023-1636,https://securityvulnerability.io/vulnerability/CVE-2023-1636,Incomplete container isolation,"A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.",Red Hat,"Openstack-barbican,Red Hat Openstack Platform 13 (queens),Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.0,Openstack Rdo",6,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-09-24T01:15:00.000Z,0
CVE-2023-1625,https://securityvulnerability.io/vulnerability/CVE-2023-1625,Information leak in api,"An information leak has been identified in OpenStack Heat, allowing a remote authenticated attacker to exploit the 'stack show' command. This flaw permits the exposure of parameters that are intended to remain confidential, potentially compromising system integrity. It's crucial for users to assess their configurations and apply necessary security best practices to mitigate any risks linked to this vulnerability.",Red Hat,"Openstack-heat,Red Hat Openstack Platform 13 (queens),Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.0,Openstack Rdo",7.4,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2023-09-24T01:15:00.000Z,0
CVE-2023-1633,https://securityvulnerability.io/vulnerability/CVE-2023-1633,Insecure barbican configuration file leaking credential,"A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.",Red Hat,"Openstack-barbican,Red Hat Openstack Platform 13 (queens),Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.0,Openstack Rdo",6.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-09-24T01:15:00.000Z,0
CVE-2023-1108,https://securityvulnerability.io/vulnerability/CVE-2023-1108,Infinite loop in sslconduit during close,"A vulnerability has been identified within Undertow, affecting its SSL Conduit. This flaw stems from an unexpected handshake status update, which can cause an infinite loop, thereby resulting in a Denial of Service. Malicious actors could exploit this vulnerability to prevent legitimate access to the service, leading to disruptions. Users of Undertow are advised to apply the latest patches to mitigate the risk associated with this issue.",Red Hat,"undertow,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7,Red Hat JBoss Fuse 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7.6 for RHEL 7,Red Hat Single Sign-On 7.6 for RHEL 8,Red Hat Single Sign-On 7.6 for RHEL 9,RHEL-8 based Middleware Containers,Text-Only RHOAR,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Service Registry,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Fuse 6,Red Hat OpenStack Platform 13 (Queens),Red Hat Process Automation 7",7.5,HIGH,0.004100000020116568,false,,false,false,false,,,false,false,,2023-09-14T15:15:00.000Z,0
CVE-2023-2680,https://securityvulnerability.io/vulnerability/CVE-2023-2680,Dma reentrancy issue (incomplete fix for cve-2021-3750),"The vulnerability arises from an incomplete implementation of a previous fix for an earlier CVE, specifically related to the QEMU-KVM package in Red Hat Enterprise Linux 9.1. The version released under RHSA-2022:7967 inadvertently lacked the necessary correction for a known vulnerability identified as CVE-2021-3750, exposing systems to potential risks associated with that flaw. Users of Red Hat Enterprise Linux 9.1 should be aware of this issue and consider taking appropriate measures to mitigate any potential security threats.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat Openstack Platform 13 (queens),Fedora,Extra Packages For Enterprise Linux",7.5,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-09-13T17:15:00.000Z,0
CVE-2023-3301,https://securityvulnerability.io/vulnerability/CVE-2023-3301,Triggerable assertion due to race condition in hot-unplug,A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.,Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat Openstack Platform 13 (queens),Extra Packages For Enterprise Linux,Fedora",5.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-09-13T17:15:00.000Z,0
CVE-2023-3637,https://securityvulnerability.io/vulnerability/CVE-2023-3637,Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277),"An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.",Red Hat,"Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 13 (queens) Operational Tools,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 17.0,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",4.3,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-07-25T13:15:00.000Z,0
CVE-2023-3354,https://securityvulnerability.io/vulnerability/CVE-2023-3354,Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service,"A vulnerability has been identified within the built-in VNC server of QEMU, where improper handling of client connections can lead to a NULL pointer dereference. When multiple clients connect to the VNC server, QEMU attempts to manage the number of connections by cleaning up previous connections. If a previous connection is in the handshake phase and subsequently fails, QEMU may attempt to clean up this connection again, resulting in this security flaw. This may allow a remote unauthenticated attacker to exploit this issue and trigger a denial of service.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat Openstack Platform 13 (queens),Fedora,Extra Packages For Enterprise Linux",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-07-11T17:15:00.000Z,0