VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
13 advisories across 32 monitored vendors.
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service. A flaw was found in ImageMagick. This vulnerability involves a memory leak within the VIFF encoder, a component responsible for handling image files. This action can exhaust available system memory, leading to a denial of service (DoS) where the system becomes unresponsive. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process. A flaw was found in ImageMagick. This could lead to unauthorized file creation or modification, potentially impacting system integrity. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-22. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py follow HTTP redirects by default and resend user-configured auth headers and query parameters on the redirected request, allowing a compromised trusted destination or on-path attacker to receive secrets such as Authorization headers, bearer tokens, custom headers, and service keys. This issue is fixed in version 1.11.0. A flaw was found in Apprise, an open-source library for sending notifications. This flaw affects the community-maintained python-apprise package as shipped in Fedora and EPEL. Red Hat does not ship Apprise in any core Red Hat product. Red Hat severity: Low — CVSS 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-201.
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion. A flaw was found in ImageMagick. Successful exploitation leads to resource exhaustion, resulting in a denial of service (DoS) for the affected system. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure A flaw was found in Wireshark. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted BLF file, leading to the disclosure of sensitive information. Red Hat severity: Low — CVSS 2.5 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-237. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper authorization on certain GraphQL operations. A flaw was found in GitLab Enterprise Edition (EE). This was possible due to improper authorization on certain GraphQL operations, allowing them to bypass intended access controls. Red Hat severity: Low — CVSS 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-639. Red Hat lists OpenShift Pipelines; Red Hat OpenShift Container Platform 4 as not affected.
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex. This vulnerability in ImageMagick is rated as Low impact. Exploitation requires an attacker to trigger these specific resource exhaustion conditions, which limits the practical attack surface and reduces the overall risk of information disclosure on standard Red Hat deployments. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure. A remote attacker could exploit this using a specially crafted FTXT image to cause a denial of service or disclose sensitive information. This low-impact heap buffer overflow in ImageMagick's FTXT encoder, caused by insufficient boundary checks, could lead to denial of service or information disclosure if a user opens a specially crafted FTXT file. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. Red Hat severity: Low — CVSS 3.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L). Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Under investigation: Red Hat OpenShift Container Platform 4. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat fixing advisory: RHSA-2026:38279.
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Weakness: CWE-208. Affected Red Hat products: Red Hat Directory Server 11; Red Hat Directory Server 12; Red Hat Directory Server 13; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat lists Red Hat Enterprise Linux 6 as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams. This vulnerability is rated as Low severity because exploitation requires man-in-the-middle access to the WebRTC signaling channel, which is typically TLS-protected. Additionally, the DTLS layer may still independently validate certificates, limiting the practical impact of this bypass. The webrtcbin component is shipped as part of gstreamer1-plugins-bad-free in Red Hat Enterprise Linux 8, 9, 10, and RHIVOS. The vulnerability weakens one layer of defense-in-depth but does not constitute a complete cryptographic break. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-670. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Chris Whyland for reporting this issue. When django.middleware.cache.UpdateCacheMiddleware or django.views.decorators.cache.cache_page is in use, responses that set a cookie are not excluded from caching if the request includes any cookie, even when that cookie is unrelated to the response (for example, a language or theme preference). A remote attacker can retrieve a cached response intended for another user and obtain sensitive cookie data from the stored Set-Cookie header. This flaw is rated as Low impact. When Django's UpdateCacheMiddleware or cache_page decorator is configured, responses containing sensitive Set-Cookie headers may be improperly cached and subsequently disclosed to other users if the initial request included any cookie. This issue primarily affects Red Hat products utilizing Django with specific caching configurations, potentially leading to limited information exposure.
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because `HttpResponse` prohibits newlines in HTTP headers. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Bence Nagy for reporting this issue. A flaw was found in Django. django.core.validators.DomainNameValidator accepted newline characters in domain name input. When applications use this validator outside Django form fields and include the validated value in HTTP response headers, a remote attacker could perform HTTP header injection. Django core is not affected because HttpResponse rejects newlines in headers, and CharField strips newlines by default. This flaw has a Low impact on Red Hat products. A vulnerability in Django's `DomainNameValidator` allows newline characters, which could enable HTTP header injection if validated values are directly used in HTTP response headers outside of Django's standard form handling.