⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-52615
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 10 months, 2 weeks ago
Avahi: avahi wide-area dns uses constant source port

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

avahi
<0.9
*
rhcos
CVE-2024-49395
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 10 months, 2 weeks ago
Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

mutt
CVE-2024-49394
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 10 months, 2 weeks ago
Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

mutt
CVE-2024-49393
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 10 months, 2 weeks ago
Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.

mutt
CVE-2024-11079
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 10 months, 2 weeks ago
Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

ansible-core
=<2.18.0
*
rhelai1/bootc-nvidia-rhel9
rhelai1/bootc-azure-nvidia-rhel9
ansible-automation-platform/ee-29-rhel8
*
ansible-automation-platform/ee-minimal-rhel8
*
ansible-automation-platform/ee-minimal-rhel9
*
ansible-automation-platform/ansible-builder-rhel8
*
ansible-automation-platform/ansible-builder-rhel9
*
CVE-2024-10963
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 10 months, 2 weeks ago
Pam: improper hostname interpretation in pam_access leads to access control bypass

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

pam
==1.3.1
<1.7.0
==1.5.1
*
rhcos
*
odh-rhel8-operator
odh-dashboard-rhel8
odh-modelmesh-rhel8
odh-operator-bundle
odh-mm-rest-proxy-rhel8
odh-model-registry-rhel8
odh-kueue-controller-rhel8
odh-mlmd-grpc-server-rhel8
odh-model-controller-rhel8
odh-trustyai-service-rhel8
odh-training-operator-rhel8
odh-codeflare-operator-rhel8
odh-ml-pipelines-driver-rhel8
odh-notebook-controller-rhel8
odh-ml-pipelines-launcher-rhel8
odh-kf-notebook-controller-rhel8
odh-model-registry-operator-rhel8
odh-modelmesh-runtime-adapter-rhel8
odh-trustyai-service-operator-rhel8
odh-ml-pipelines-api-server-v2-rhel8
odh-kuberay-operator-controller-rhel8
odh-modelmesh-serving-controller-rhel8
odh-ml-pipelines-persistenceagent-v2-rhel8
odh-ml-pipelines-scheduledworkflow-v2-rhel8
registry.redhat.io/rhoai/odh-dashboard-rhel8
*
odh-data-science-pipelines-argo-argoexec-rhel8
odh-data-science-pipelines-operator-controller-rhel8
odh-data-science-pipelines-argo-workflowcontroller-rhel8
CVE-2024-10295
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 10 months, 2 weeks ago
Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.

gateway
=<2.14.2
3scale-amp-apicast-gateway-container
CVE-2010-3872
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 10 months, 2 weeks ago
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

mod_fcgid
CVE-2008-0888 created 10 months, 2 weeks ago
The NEEDBITS macro in the inflate_dynamic function in inflate.c for …

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

unzip
<6.0
CVE-2024-9979
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 10 months, 2 weeks ago
Pyo3: risk of use-after-free in `borrowed` reads from python weak references

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

pyo3
<0.22.4
python-rpds-py
python3.11-nh3
python3.11-rpds-py
python3.11-cryptography
python3.12-cryptography