VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1625 advisories across 32 monitored vendors.
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the gRPC listener, allowing a client with a revoked certificate to authenticate successfully over gRPC. This issue is fixed in versions 3.5.32 and 3.6.13. This oversight allows a client with a revoked certificate to successfully authenticate, potentially leading to unauthorized access and compromise of data integrity. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). Weakness: CWE-295. Affected Red Hat products: Red Hat OpenStack Platform 16.2; Red Hat OpenStack Platform 17.1. Red Hat does not currently list a fixing RHSA for this CVE.
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark, a network protocol analyzer. An attacker could exploit this vulnerability by sending a specially crafted network packet, which would cause the IEEE 802.11 protocol dissector to crash. This issue results in a denial of service, making the Wireshark application unresponsive and unavailable to users. This Moderate impact flaw in Wireshark allows a denial of service when processing specially crafted IEEE 802.11 network packets. The vulnerability affects the availability of the Wireshark application, potentially disrupting network analysis operations, and requires an attacker to inject or present malicious 802.11 traffic to the system. Red Hat severity: Moderate — CVSS 5.7 (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark. A local attacker could exploit a crash in the Catapult DCT2000 protocol dissector. This vulnerability, requiring user interaction, leads to a denial of service, making the system unavailable. This flaw requires local user interaction, as an attacker must provide a specially crafted capture file for a user to open. The impact is limited to the availability of the Wireshark application, making the system unavailable only in the context of network traffic analysis. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark. A local user could exploit this vulnerability by processing a specially crafted FMP/NOTIFY protocol packet. This could lead to a denial of service (DoS) due to a crash in the protocol dissector, making the application unavailable. The vulnerability requires user interaction, as an attacker must trick a local user into opening a malicious packet capture file, limiting the attack surface. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1286. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the pcapng file parser, leading to a crash of the application. This denial of service (DoS) could prevent legitimate users from accessing the service, impacting its availability. Exploitation requires user interaction, as the user must open the malicious file. Red Hat severity: Moderate. Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark's SSH (Secure Shell) protocol dissector. A remote attacker could craft a malicious network capture file that, when opened by a user, would cause the Wireshark application to crash. This vulnerability leads to a denial of service, preventing the user from analyzing network traffic. This issue requires user interaction to open a malicious file, limiting its impact to the availability of the Wireshark application for network traffic analysis. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1286. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted Universal Mobile Telecommunications System (UMTS) FP protocol packet. This can disrupt network analysis operations. While exploitable by a remote attacker, successful exploitation requires a user to either open a malicious capture file or actively capture network traffic containing the crafted packet. This limits the attack surface to scenarios where Wireshark is actively used for network analysis. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1286. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the DBS Etherwatch file parser, leading to a crash of the application. This could result in a denial of service, making the Wireshark application unavailable to users. This flaw allows a remote attacker to trigger an application crash by processing a specially crafted file, impacting the availability of the network analysis tool. The vulnerability requires user interaction to open a malicious file or process untrusted network captures. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1286. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A heap buffer overflow can occur when the dissector processes malformed Z39.50 records with partial directory entries, as the pre-allocated array size is calculated using floor division and does not account for additional partial entries. An attacker could exploit this by convincing a user to open a specially crafted packet capture file, causing Wireshark to crash. This flaw requires user interaction, specifically opening a specially crafted packet capture file, limiting its immediate impact on typical server deployments. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-131. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service by crafting a malicious TLS Encrypted Client Hello (ECH) packet. When Wireshark attempts to decrypt this malformed packet, it can lead to a crash of the application, making it unavailable. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-617. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service A flaw was found in Wireshark. A local user could trigger multiple protocol dissector infinite loops by providing specially crafted network traffic for analysis. This could lead to a Denial of Service (DoS) condition, making the application unresponsive. Exploitation requires a local user to open and analyze specially crafted network traffic, limiting the attack vector to interactive use cases rather than automated or remote exploitation. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-835. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark, specifically within its `ciscodump` component. The issue can be exploited through user interaction, making the affected component unavailable. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages. A flaw was found in GitLab. This vulnerability allows an attacker to gain sensitive information about private projects. Red Hat does not ship or distribute GitLab Community Edition (CE) or Enterprise Edition (EE), the products affected by this flaw. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Weakness: CWE-862. Red Hat lists OpenShift Pipelines; Red Hat OpenShift Container Platform 4 as not affected.
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls. A flaw was found in GitLab EE. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure. Red Hat severity: Moderate — CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-266. Affected Red Hat products: OpenShift Pipelines; Red Hat OpenShift Container Platform 4. Red Hat does not currently list a fixing RHSA for this CVE.
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo._read() in archiveinfo.py used an O(n^2) cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted .7z archive to cause excessive CPU consumption during SevenZipFile.init() before extraction. This issue is fixed in version 1.1.3. A flaw was found in py7zr, a Python library for 7zip archives. A remote attacker could exploit this vulnerability by providing a specially crafted .7z archive. This archive, when processed by the `SevenZipFile.init()` function, triggers an inefficient algorithmic complexity (CWE-407) during header parsing. This leads to excessive CPU consumption, resulting in a Denial of Service (DoS) for any application that opens untrusted .7z archives using py7zr. This Moderate severity flaw in the `py7zr` library can lead to a Denial of Service. Applications that utilize `py7zr` to open or process untrusted `.7z` archives are vulnerable to excessive CPU consumption. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-606.
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expands to 100 MB to exhaust disk or memory before extraction completes. This issue is fixed in version 1.1.3. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing a specially crafted .7z file. The `Worker.decompress()` function fails to track the total decompressed size, enabling a small archive to expand significantly and exhaust system resources such as disk space or memory during extraction. This issue is also known as a decompression bomb (CWE-409). This Moderate impact flaw in the py7zr Python library can lead to a denial of service when processing specially crafted 7zip archives. An attacker could provide a malicious archive that, upon decompression, exhausts system resources such as disk space or memory, impacting the availability of services that utilize py7zr for archive handling. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-409.
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1. This Moderate-impact flaw in Wasmtime allows a malicious WebAssembly System Interface (WASI) guest to overwrite host files. By exploiting insufficient permission checks during hard-link and rename operations, a guest with read-only file capabilities can modify host files that are exposed with read permissions through WASI filesystem interfaces. This could lead to data integrity issues on the host system. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). Weakness: CWE-280. Affected Red Hat products: Red Hat Connectivity Link 1; Red Hat Enterprise Linux 10; Red Hat Hardened Images. Red Hat does not currently list a fixing RHSA for this CVE.
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12. A flaw was found in NATS Server. This can result in a Denial of Service (DoS) for the NATS Server. This Moderate flaw in NATS Server allows an unauthenticated remote attacker to cause a denial of service. This impacts the availability of NATS Server deployments that expose a WebSocket listener, as it does not require specific MQTT configuration to exploit. Red Hat severity: Moderate — CVSS 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H). Weakness: CWE-824. Red Hat lists Red Hat Hardened Images as not affected.
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12. A flaw was found in NATS Server. This is achieved by providing pagination offset and limit values that cause an arithmetic overflow, leading to a Denial of Service (DoS). CVE.org and NVD independently assess this issue at different severities than Red Hat because CVE.org uses a Changed scope (S:C) in its CVSS vector, treating the crash as impacting components beyond the NATS Server process itself. Red Hat, consistent with NVDs own scoring, assesses the impact as scoped to the NATS Server process (Scope Unchanged), resulting in a CVSS score of 6.5 and a Moderate impact rating. Only account-scoped connection-monitoring requests can trigger the arithmetic overflow, and no Red Hat product runs an externally-reachable, unauthenticated NATS Server monitoring endpoint by default. Weakness: CWE-190. Affected Red Hat products: Multicluster Global Hub; Red Hat Ceph Storage 5; Red Hat Ceph Storage 6; Red Hat Ceph Storage 7; Red Hat Ceph Storage 8; Red Hat Ceph Storage 9.
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. A flaw was found in NATS Server. This could lead to unauthorized information disclosure. Moderate: An information disclosure flaw in NATS Server allows an authenticated user to bypass configured access restrictions, enabling them to receive messages on subjects that should be denied. This occurs when wildcard subscriptions overlap with deny rules or when queue subscriptions interfere with message delivery. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-551. Red Hat lists Red Hat Hardened Images as not affected.