VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
Fix potential out-of-bounds access in __ceph_x_decrypt(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-125.
Drop all SCM attributes for SOCKMAP. Red Hat rates this moderate (CVSS 7). Weakness: CWE-772.
don't use simple_strtoul. Red Hat rates this moderate (CVSS 7). Weakness: CWE-170.
fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER. Red Hat rates this moderate (CVSS 7). Weakness: CWE-364.
fix missing expect put in obj eval. Red Hat rates this moderate (CVSS 7). Weakness: CWE-772.
fix refcount saturation and potential UAF in qrtr_port_remove. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
Fix potential use-after-free in get_timestamp. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
Clear HCI_UART_PROTO_INIT on error. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-347.
IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-347.
IKEv2 Denial of Service via malformed fragmentation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-193.
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration. This information disclosure could expose sensitive configuration details of the Jenkins environment. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Weakness: CWE-425. Affected Red Hat products: OpenShift Developer Tools and Services. Red Hat does not currently list a fixing RHSA for this CVE.
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator. This could enable unauthorized modifications to the Jenkins environment. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). Weakness: CWE-940. Affected Red Hat products: OpenShift Developer Tools and Services. Red Hat does not currently list a fixing RHSA for this CVE.
Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit Affected product named by the advisory: GitLab.
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration file or by injecting an environment variable before program execution. A successful attack requires the presence of Janino library to be present on the user's class path. In addition, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege. Please note that in logack version 1.5.37 conditional processing using Janino was removed. A flaw was found in logback-core, a logging framework for Java applications. Red Hat severity: Moderate — CVSS 6 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). Weakness: CWE-94.
In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netif_is_l3_slave() assume that a subsequent call to netdev_master_upper_dev_get_rcu() will return a VRF device. They then continue to dereference its l3mdev operations. This assumption is not always correct and can result in a NPD [1]. There is no RCU synchronization when removing a port from a VRF, so it is possible for an RCU reader to see a new master device (e.g., a bridge) that does not have l3mdev operations. Fix by adding RCU synchronization after clearing the IFF_L3MDEV_SLAVE flag. Skip this synchronization when a net device is removed from a VRF as part of its deletion and when the VRF device itself is deleted.
Reject SIOCATMARK on non-stream sockets. Red Hat rates this low (CVSS 5.5). Weakness: CWE-1287.
avoid NULL deref of conn->lnk in smc_msg_event tracepoint. Red Hat rates this low (CVSS 5.5). Weakness: CWE-476.
fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completion. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-476.