VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service. A flaw was found in ImageMagick. This vulnerability involves a memory leak within the VIFF encoder, a component responsible for handling image files. This action can exhaust available system memory, leading to a denial of service (DoS) where the system becomes unresponsive. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process. A flaw was found in ImageMagick. This could lead to unauthorized file creation or modification, potentially impacting system integrity. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-22. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion. A flaw was found in ImageMagick. Successful exploitation leads to resource exhaustion, resulting in a denial of service (DoS) for the affected system. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure Affected product named by the advisory: GitLab.
BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure A flaw was found in Wireshark. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted BLF file, leading to the disclosure of sensitive information. Red Hat severity: Low — CVSS 2.5 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-237. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper authorization on certain GraphQL operations. A flaw was found in GitLab Enterprise Edition (EE). This was possible due to improper authorization on certain GraphQL operations, allowing them to bypass intended access controls. Red Hat severity: Low — CVSS 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-639. Red Hat lists OpenShift Pipelines; Red Hat OpenShift Container Platform 4 as not affected.
A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. This issue primarily impacts data integrity. Low: This HdrHistogram flaw enables a local attacker to manipulate data, resulting in incorrect value comparisons and a data integrity impact. The requirement for local system access significantly reduces the overall exposure and risk for Red Hat products. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-839. Affected Red Hat products: Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI). Red Hat lists Logging Subsystem for Red Hat OpenShift; OpenShift Lightspeed; OpenShift Service Mesh 3; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat OpenShift Update Service as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. A local attacker can exploit a vulnerability in the `decodeFromCompressedByteBuffer` function by manipulating the `lengthOfCompressedContents` argument. Low impact. This issue requires local access and results in resource exhaustion, not arbitrary code execution or data compromise. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-770. Affected Red Hat products: Red Hat Enterprise Linux 8; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI). Under investigation: Red Hat Ansible Automation Platform 2. Red Hat lists Logging Subsystem for Red Hat OpenShift; OpenShift Lightspeed; OpenShift Service Mesh 3; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat OpenShift Update Service as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The function tls_gen_connection:handle_protocol_record/3 rejects APPLICATION_DATA records that arrive in pre-handshake states when the TLS endpoint acts as a server, but does not apply the same check when the endpoint acts as a client. The records are buffered and, once the handshake completes successfully, delivered to the application as if they were authenticated post-handshake data. The attacker cannot observe the client's response or steer the connection, so the impact is limited to blind injection of unauthenticated bytes. The injection window is wider for TLS versions prior to TLS 1.3 than for TLS 1.3. This vulnerability is associated with program file lib/ssl/src/tls_gen_connection.erl. This issue affects OTP from OTP 17.0 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 5.3.4 before 11.7.3, 11.6.0.3 and 11.2.12.10. TLS 1.3 is affected starting with OTP 22.0, when TLS 1.3 support was added. A flaw was found in Erlang's SSL (Secure Sockets Layer) component.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Affected products: FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.