cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1394,https://securityvulnerability.io/vulnerability/CVE-2024-1394,Memory Leak Vulnerability in Golang RSA Code Could Lead to Resource Exhaustion,"A memory leak flaw has been identified in the RSA encrypting and decrypting code of the Golang FIPS OpenSSL library. This issue arises from improper handling of named return parameters, specifically within the RSA library's context initialization process. When errors occur during context initialization or property settings, the related pointers, namely 'pkey' and 'ctx', are left unfreed, leading to a potential resource exhaustion vulnerability. Attackers can exploit this flaw through crafted inputs, causing the application to exhaust memory resources.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Developer Tools,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Rhodf-4.16-rhel-9,Nbde Tang Server,Openshift Developer Tools And Services,Openshift Pipelines,Openshift Serverless,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Certification For Red Hat Enterprise Linux 8,Red Hat Certification For Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Gitops,Red Hat Openshift On Aws,Red Hat Openshift Virtualization 4,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0,Red Hat Service Interconnect 1,Red Hat Software Collections,Red Hat Storage 3",7.5,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2024-03-21T12:16:38.790Z,0
CVE-2023-5870,https://securityvulnerability.io/vulnerability/CVE-2023-5870,Postgresql: role pg_signal_backend can signal certain superuser processes.,"A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",Red Hat,"Red Hat Advanced Cluster Security 4.2,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Software Collections For Red Hat Enterprise Linux 7,Rhacs-3.74-rhel-8,Rhacs-4.1-rhel-8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Software Collections",2.2,LOW,0.0018899999558925629,false,false,false,false,,false,false,2023-12-10T18:15:00.000Z,0
CVE-2023-5868,https://securityvulnerability.io/vulnerability/CVE-2023-5868,Postgresql: memory disclosure in aggregate function calls,"A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",Red Hat,"Red Hat Advanced Cluster Security 4.2,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Software Collections For Red Hat Enterprise Linux 7,Rhacs-3.74-rhel-8,Rhacs-4.1-rhel-8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Software Collections",4.3,MEDIUM,0.003379999892786145,false,false,false,false,,false,false,2023-12-10T18:15:00.000Z,0
CVE-2023-5869,https://securityvulnerability.io/vulnerability/CVE-2023-5869,Postgresql: buffer overrun from integer overflow in array modification,"A flaw has been identified in PostgreSQL that enables authenticated users to execute arbitrary code due to a missing overflow check during SQL array value modifications. This vulnerability is triggered by an integer overflow resulting from specially crafted data, empowering users to write arbitrary bytes to memory and facilitating extensive read access to the server's memory. As a result, potential exploitation could lead to significant security risks within the database environment.",Red Hat,"Red Hat Advanced Cluster Security 4.2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Software Collections For Red Hat Enterprise Linux 7,Rhacs-3.74-rhel-8,Rhacs-4.1-rhel-8,Red Hat Enterprise Linux 6",8.8,HIGH,0.041519999504089355,false,false,false,false,,false,false,2023-12-10T18:15:00.000Z,0
CVE-2022-4900,https://securityvulnerability.io/vulnerability/CVE-2022-4900,Potential buffer overflow in php_cli_server_startup_workers,A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.,Red Hat,"PHP,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Software Collections,Fedora",5.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-11-02T15:01:28.590Z,0
CVE-2023-5157,https://securityvulnerability.io/vulnerability/CVE-2023-5157,Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6,"A vulnerability in MariaDB allows a malicious remote client to exploit the service through OpenVAS port scanning on ports 3306 and 4567. This can result in a denial of service, making the database unresponsive to legitimate requests and disrupting operations. It is crucial for users of the affected MariaDB versions to assess their vulnerability status and apply necessary updates to safeguard their systems.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Software Collections For Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7",7.5,HIGH,0.002420000033453107,false,false,false,false,,false,false,2023-09-27T15:19:00.000Z,0
CVE-2022-4245,https://securityvulnerability.io/vulnerability/CVE-2022-4245,Codehaus-plexus: xml external entity (xxe) injection,A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.,Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",4.3,MEDIUM,0.0034099998883903027,false,false,false,false,,false,false,2023-09-25T19:20:57.329Z,0
CVE-2022-4244,https://securityvulnerability.io/vulnerability/CVE-2022-4244,Codehaus-plexus: directory traversal,"A directory traversal vulnerability exists within the Codeplex-Codehaus product, enabling attackers to exploit the flaw by using sequences such as 'dot-dot-slash (../)' or absolute file paths. This could allow unauthorized access to sensitive files and directories beyond the designated folder structure. Exploitation of this vulnerability can potentially expose critical resources, including application source code, configuration files, and other sensitive system files, posing significant risks to system security and integrity.",Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",7.5,HIGH,0.001120000029914081,false,false,false,false,,false,false,2023-09-25T19:20:04.703Z,0
CVE-2023-39417,https://securityvulnerability.io/vulnerability/CVE-2023-39417,Postgresql: extension script @substitutions@ within quoting allow sql injection,"This vulnerability in PostgreSQL allows for SQL Injection when specific quoting constructs are employed with certain extension strings (e.g., @extowner@, @extschema@). If an administrator has installed a vulnerable non-bundled extension, an attacker possessing database-level CREATE privileges can exploit this flaw to execute arbitrary commands, potentially gaining privileges as a bootstrap superuser. Organizations must ensure that they are protecting against this risk by assessing their use of PostgreSQL extensions and applying necessary mitigations.",Red Hat,"Red Hat Advanced Cluster Security 4.2,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Software Collections For Red Hat Enterprise Linux 7,Rhacs-3.74-rhel-8,Rhacs-4.1-rhel-8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Software Collections",7.5,HIGH,0.003710000077262521,false,false,false,false,,false,false,2023-08-11T13:15:00.000Z,0
CVE-2023-39418,https://securityvulnerability.io/vulnerability/CVE-2023-39418,Postgresql: merge fails to enforce update or select row security policies,"A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Software Collections",4.3,MEDIUM,0.0049600000493228436,false,false,false,false,,false,false,2023-08-11T13:15:00.000Z,0