VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Denial of service via FMP/NOTIFY protocol dissector crash. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-1286.
Denial of Service via pcapng file parser crash. Red Hat rates this moderate. Weakness: CWE-825.
Denial of service via SSH protocol dissector crash. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-1286.
Denial of Service via UMTS FP protocol dissector crash. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-1286.
DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the DBS Etherwatch file parser, leading to a crash of the application. This could result in a denial of service, making the Wireshark application unavailable to users. This flaw allows a remote attacker to trigger an application crash by processing a specially crafted file, impacting the availability of the network analysis tool. The vulnerability requires user interaction to open a malicious file or process untrusted network captures. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1286. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A heap buffer overflow can occur when the dissector processes malformed Z39.50 records with partial directory entries, as the pre-allocated array size is calculated using floor division and does not account for additional partial entries. An attacker could exploit this by convincing a user to open a specially crafted packet capture file, causing Wireshark to crash. This flaw requires user interaction, specifically opening a specially crafted packet capture file, limiting its immediate impact on typical server deployments. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-131. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service by crafting a malicious TLS Encrypted Client Hello (ECH) packet. When Wireshark attempts to decrypt this malformed packet, it can lead to a crash of the application, making it unavailable. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-617. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service A flaw was found in Wireshark. A local user could trigger multiple protocol dissector infinite loops by providing specially crafted network traffic for analysis. This could lead to a Denial of Service (DoS) condition, making the application unresponsive. Exploitation requires a local user to open and analyze specially crafted network traffic, limiting the attack vector to interactive use cases rather than automated or remote exploitation. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-835. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A flaw was found in Wireshark, specifically within its `ciscodump` component. The issue can be exploited through user interaction, making the affected component unavailable. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Information disclosure of private project existence via improper authorization. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-862.
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls. A flaw was found in GitLab EE. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure. Red Hat severity: Moderate — CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-266. Affected Red Hat products: OpenShift Pipelines; Red Hat OpenShift Container Platform 4. Red Hat does not currently list a fixing RHSA for this CVE.
Denial of Service via crafted .7z archives due to inefficient algorithmic complexity. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-606.
Denial of Service via decompression bomb in 7zip archive extraction. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-409.
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1. This Moderate-impact flaw in Wasmtime allows a malicious WebAssembly System Interface (WASI) guest to overwrite host files. By exploiting insufficient permission checks during hard-link and rename operations, a guest with read-only file capabilities can modify host files that are exposed with read permissions through WASI filesystem interfaces. This could lead to data integrity issues on the host system. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). Weakness: CWE-280. Affected Red Hat products: Red Hat Connectivity Link 1; Red Hat Enterprise Linux 10; Red Hat Hardened Images. Red Hat does not currently list a fixing RHSA for this CVE.
Denial of Service due to incorrect MQTT-over-WebSocket request routing. Red Hat rates this moderate (CVSS 6.8). Weakness: CWE-824.
Denial of Service via arithmetic overflow in connection monitoring pagination. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-190.
Information disclosure via access control bypass in wildcard and queue subscriptions. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-551.
Information disclosure due to bypass of subject deny rules via queue subscriptions. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-551.
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1. When a user processes this crafted PDF, such as during text extraction, the vulnerability causes an infinite loop, leading to a Denial of Service (DoS) condition. This issue impacts the availability of the pypdf application. This Moderate-impact flaw in the pypdf library can lead to a denial of service. A remote attacker could provide a specially crafted PDF document containing an unterminated inline image, causing an infinite loop when the document is processed, such as during text extraction. This issue primarily affects the availability of applications that handle untrusted PDF content. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-835. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
Denial of Service via crafted PDF with unterminated inline image. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-606.