VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
625 advisories across 32 monitored vendors.
A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service (DoS). A local high-privileged user configuring or deactivating a specific 'system services ssh' configuration parameter can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart. Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * from 22.3 before 22.3R3-S5; * from 22.4 before 22.4R3-S10; * from 23.2 before 23.2R2-S7; * from 23.4 before 23.4R2-S8. This issue does not affect Junos OS before 22.3R1. Junos OS Evolved: * from 22.3R1-EVO before 23.2R2-S7-EVO; * from 23.4 before 23.4R2-S8-EVO. Affected products named by the advisory: EX.
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service by the same identity provider to authenticate to OpenFGA. This issue is fixed in 1.18.0. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication (authn.method=oidc, authn.oidc.issuer set) but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result, a validly-signed OIDC access token issued by the same identity provider for a completely different, unrelated application can be accepted by OpenFGA as a valid credential, allowing an attacker holding such a token to authenticate to OpenFGA and perform unauthorized authorization queries or writes. An attacker who can obtain such a token, for example one issued to a lower-privileged or unrelated application at the same IdP, could use it to authenticate to OpenFGA and perform authorization queries or writes they should not be permitted to make. This flaw only affects deployments that explicitly enable OpenFGA's OIDC authentication method and leave --authn-oidc-audience unset.
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorization_model identifier columns can compare case-distinct values such as user:Alice and user:alice as equivalent, causing two distinct check requests to return the same response. This issue is fixed in 1.18.0. This can lead to improper policy enforcement, where two different authorization requests might receive the same, unintended response, potentially affecting access controls. Red Hat does not ship OpenFGA as a standalone product. The affected code is bundled inside Grafana's experimental "Zanzana" authorization engine (which vendors github.com/openfga/openfga as a Go dependency), and Grafana itself is embedded in Red Hat Ceph Storage's dashboard, Red Hat Advanced Cluster Management, Multicluster Global Hub, and RHEL's grafana package. Zanzana is disabled by default in upstream Grafana (feature toggle zanzana=false, experimental) and none of these embedding products expose it as a supported, user-configurable OpenFGA/MySQL-backed authorization server, which significantly limits real-world exposure even though the vulnerable dependency ships as part of the bundled code. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report. A flaw was found in enquirer, a command-line prompt tool. A remote attacker could exploit a vulnerability in the `Enquirer.set` function by manipulating the `question.name` argument. This improper handling of object prototype attributes can lead to prototype pollution, allowing an attacker to modify the behavior of an application. This could result in unexpected application behavior or potentially lead to further attacks. This could lead to unexpected application behavior in Red Hat products that use `enquirer` to process untrusted input, as an attacker could modify object attributes. The public availability of an exploit increases the risk. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-915. Affected Red Hat products: OpenShift Pipelines; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4.
Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number. This can lead to a Denial of Service (DoS) condition, making the application unavailable to legitimate users. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. Affected products named by the advisory: Confidential Compute Attestation; Cryostat 4; Gatekeeper 3; Migration Toolkit for Applications 8; and 30 more.
An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows attackers to cause a Denial of Service (DoS) via a crafted input. A flaw was found in jbig2dec. This can lead to the affected system becoming unresponsive or crashing, disrupting its normal operation. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-190. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to missing authorization checks.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages.
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service Affected product named by the advisory: GitLab.
FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service Affected product named by the advisory: GitLab.
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service Affected product named by the advisory: GitLab.
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.
JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, view git status, logs, and diffs, and enumerate commits within directories that were intended to be excluded. The root cause is the unconditional case-sensitivity of the `fnmatch.fnmatchcase()` function used for path enforcement, which does not normalize paths for case-insensitive platforms. This Moderate impact flaw in JupyterLab Git, as deployed in Red Hat OpenShift AI, allows an authenticated user to bypass administrator-defined path exclusions on case-insensitive filesystems. By manipulating the casing of URL path segments, an attacker can gain unauthorized read access to sensitive Git repository information, including file content and commit history, from directories intended to be protected. This bypass occurs because the path enforcement mechanism does not account for filesystem case-insensitivity.