VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
don't use simple_strtoul. Red Hat rates this moderate (CVSS 7). Weakness: CWE-170.
fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER. Red Hat rates this moderate (CVSS 7). Weakness: CWE-364.
fix missing expect put in obj eval. Red Hat rates this moderate (CVSS 7). Weakness: CWE-772.
fix refcount saturation and potential UAF in qrtr_port_remove. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
Fix potential use-after-free in get_timestamp. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
Clear HCI_UART_PROTO_INIT on error. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code execution inside the application JVM. Affected versions: Spring Statemachine 4.0.0 through 4.0.1 Spring Statemachine 3.2.0 through 3.2.4
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the AuthenticationFilter Custom Resource Definition extraAuthArgs field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High) Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=517484284 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N). Weakness: CWE-807.
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High) An inappropriate implementation flaw was found in the Serial component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=517406035 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). Weakness: CWE-79.
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) An insufficient data validation flaw was found in the Extensions component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=517153117 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N). Weakness: CWE-653.
Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) An use after free flaw was found in the Tab Strip component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=517069848 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-825.
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High) An insufficient validation of untrusted input flaw was found in the Extensions component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=517124587 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). Weakness: CWE-346.
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=516926968 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-368.
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=514741076 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-825.
Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) An use after free flaw was found in the Downloads component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=515462244 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-825.
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) An inappropriate implementation flaw was found in the WebView component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=513458233 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-266.