VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
fix use-after-free bugs in mt7996_mac_dump_work(). Red Hat rates this a security issue. Weakness: CWE-364.
Fix memory leak in renesas_i3c_i3c_xfers(). Red Hat rates this a security issue. Weakness: CWE-763.
fix use-after-free on cdev close. Red Hat rates this a security issue. Weakness: CWE-825.
require admin permission for dev-set and key-rotate. Red Hat rates this a security issue. Weakness: CWE-266.
Fix potential race condition in TLB sync. Red Hat rates this a security issue. Weakness: CWE-414.
fix mismatch between power and frequency. Red Hat rates this a security issue. Weakness: CWE-367.
validate nzones in adfs_validate_bblk(). Red Hat rates this a security issue. Weakness: CWE-124.
avoid reading already updated pages during GC. Red Hat rates this a security issue. Weakness: CWE-367.
fix uninit-value in sixpack_receive_buf. Red Hat rates this a security issue. Weakness: CWE-824.
Fix dll_change check. Red Hat rates this a security issue. Weakness: CWE-480.
fix integer overflow in AFBC framebuffer size check. Red Hat rates this a security issue. Weakness: CWE-190.
validate group add input before caching. Red Hat rates this a security issue. Weakness: CWE-179.
fix missing run load for vcn0 in attr_data_get_block_locked(). Red Hat rates this a security issue. Weakness: CWE-166.
Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code execution inside the application JVM. Affected versions: Spring Statemachine 4.0.0 through 4.0.1 Spring Statemachine 3.2.0 through 3.2.4
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients. A flaw was found in dhcpcd. This vulnerability allows an unauthenticated attacker on the same network link to trigger a one-byte stack out-of-bounds write. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can corrupt adjacent stack memory. This can lead to a denial of service (DoS) in the affected system. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-787. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This issue impacts the availability of the affected system. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. An attacker can exploit this vulnerability by sending specially crafted SQL statements to the t_set_push component. This can lead to a Denial of Service (DoS), making the system unavailable to legitimate users. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This can lead to the unavailability of the service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Affected Red Hat products: Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This vulnerability allows an attacker to disrupt the availability of the service. Moderate: This denial of service flaw in virtuoso-opensource does not affect Red Hat Enterprise Linux 7 as the vulnerable code is not present in the shipped package. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend. A remote attacker with a Viewer role could exploit a path traversal vulnerability by manipulating user-supplied input in URL paths. This could allow the attacker to capture sensitive administrator-configured datasource credentials, invoke state-changing administrative functions on Tempo, or exfiltrate internal service data from Loki. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Weakness: CWE-22. Affected Red Hat products: Multicluster Global Hub; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Ceph Storage 5; Red Hat Ceph Storage 6; Red Hat Ceph Storage 7; Red Hat Ceph Storage 8; Red Hat Ceph Storage 9; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.