VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Use-after-free vulnerability during host key re-exchange on the client side. Red Hat rates this important (CVSS 7.7). Weakness: CWE-825. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1.
glamor Font Atlas Heap Buffer Overflow. Red Hat rates this important (CVSS 7.5). Weakness: CWE-805. Red Hat lists fixing advisory RHSA-2026:38486 with package xorg-x11-server-0:1.20.11-34.el9_8.3, xorg-x11-server-Xwayland-0:21.1.3-20.el8_10.3, xorg-x11-server-Xwayland-0:24.1.9-4.el9_8.3, xorg-x11-server-0:1.20.11-28.el8_10.3. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 1.
BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow. Red Hat rates this important (CVSS 7.3).
PCF Font Parsing Heap Buffer Overflow. Red Hat rates this important (CVSS 7.3). Weakness: CWE-787.
rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer. Red Hat rates this important (CVSS 7.1). Weakness: CWE-787.
DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback. Red Hat rates this important (CVSS 7.5). Weakness: CWE-121.
GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to missing authorization checks.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages.
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service Affected product named by the advisory: GitLab.
FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service Affected product named by the advisory: GitLab.
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service Affected product named by the advisory: GitLab.
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.
JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, view git status, logs, and diffs, and enumerate commits within directories that were intended to be excluded. The root cause is the unconditional case-sensitivity of the `fnmatch.fnmatchcase()` function used for path enforcement, which does not normalize paths for case-insensitive platforms. This Moderate impact flaw in JupyterLab Git, as deployed in Red Hat OpenShift AI, allows an authenticated user to bypass administrator-defined path exclusions on case-insensitive filesystems. By manipulating the casing of URL path segments, an attacker can gain unauthorized read access to sensitive Git repository information, including file content and commit history, from directories intended to be protected. This bypass occurs because the path enforcement mechanism does not account for filesystem case-insensitivity.