Automatically generated suggestions

CVE-2024-49393
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 8 months, 2 weeks ago
Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker who intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

mutt
CVE-2024-11079
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 8 months, 2 weeks ago
Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

ansible-core
*
=<2.18.0
rhelai1/bootc-nvidia-rhel9
rhelai1/bootc-azure-nvidia-rhel9
ansible-automation-platform/ee-29-rhel8
*
ansible-automation-platform/ee-minimal-rhel8
*
ansible-automation-platform/ee-minimal-rhel9
*
ansible-automation-platform/ansible-builder-rhel8
*
ansible-automation-platform/ansible-builder-rhel9
*
CVE-2024-10963
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 8 months, 2 weeks ago
Pam: improper hostname interpretation in pam_access leads to access control bypass

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

pam
==1.5.1
*
==1.3.1
<1.7.0
rhcos
*
odh-rhel8-operator
odh-dashboard-rhel8
odh-modelmesh-rhel8
odh-operator-bundle
odh-mm-rest-proxy-rhel8
odh-model-registry-rhel8
odh-kueue-controller-rhel8
odh-mlmd-grpc-server-rhel8
odh-model-controller-rhel8
odh-trustyai-service-rhel8
odh-training-operator-rhel8
odh-codeflare-operator-rhel8
odh-ml-pipelines-driver-rhel8
odh-notebook-controller-rhel8
odh-ml-pipelines-launcher-rhel8
odh-kf-notebook-controller-rhel8
odh-model-registry-operator-rhel8
odh-modelmesh-runtime-adapter-rhel8
odh-trustyai-service-operator-rhel8
odh-ml-pipelines-api-server-v2-rhel8
odh-kuberay-operator-controller-rhel8
odh-modelmesh-serving-controller-rhel8
odh-ml-pipelines-persistenceagent-v2-rhel8
odh-ml-pipelines-scheduledworkflow-v2-rhel8
registry.redhat.io/rhoai/odh-dashboard-rhel8
*
odh-data-science-pipelines-argo-argoexec-rhel8
odh-data-science-pipelines-operator-controller-rhel8
odh-data-science-pipelines-argo-workflowcontroller-rhel8
CVE-2024-10295
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 8 months, 2 weeks ago
Gateway: apicast basic auth bypass via malformed base64 headers; sending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.

gateway
=<2.14.2
3scale-amp-apicast-gateway-container
CVE-2010-3872
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 8 months, 2 weeks ago
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

mod_fcgid
CVE-2008-0888
created 8 months, 3 weeks ago
The NEEDBITS macro in the inflate_dynamic function in inflate.c for …

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

unzip
<6.0
CVE-2024-9979
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 8 months, 3 weeks ago
Pyo3: risk of use-after-free in `borrowed` reads from python weak references

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

pyo3
<0.22.4
python-rpds-py
python3.11-nh3
python3.11-rpds-py
python3.11-cryptography
python3.12-cryptography