VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
fix deadlock in remain-on-channel. Red Hat rates this low (CVSS 5.5). Weakness: CWE-833.
handle rbtree insertion error in decode_choose_args(). Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-617.
join hook list via splice_list_rcu() in commit phase. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-821.
Set the mhdp connector earlier in atomic_enable(). Red Hat rates this low (CVSS 5.5). Weakness: CWE-824.
dm cache: fix dirty mapping checking in passthrough mode switching. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-367.
prevent NULL pointer dereference during unmount. Red Hat rates this low (CVSS 5.5). Weakness: CWE-825.
Fix stale offload->prog pointer after constant blinding. Red Hat rates this moderate (CVSS 6.7). Weakness: CWE-825.
Fix potential out-of-bounds access in osdmap_decode(). Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-1284.
Client-side Cross-Site Scripting (XSS) due to incomplete HTML tag stripping. Red Hat rates this moderate (CVSS 4.2). Weakness: CWE-79.
Denial of Service via crafted DHCPv6 ADVERTISE message. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-787.
Denial of Service via crafted SQL statements. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-89.
openlink virtuoso-opensource: Denial of Service via crafted SQL statements. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-89.
Tempo and Loki Datasource Plugins: Information disclosure and unauthorized actions via path traversal. Red Hat rates this moderate (CVSS 5.4). Weakness: CWE-22.
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownership of /etc/shadow and read every password hash on the host via the read-only /etc bind mount. This is a container-to-host confidentiality break affecting every bpm-managed job. Affected versions: bpm-release, all versions prior to v1.4.30.
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20