CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2025-3155 – Yelp: arbitrary file read
https://notcve.org/view.php?id=CVE-2025-3155
03 Apr 2025 — A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. An update for yelp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. • https://access.redhat.com/errata/RHSA-2025:4450 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.0EPSS: 2%CPEs: 51EXPL: 0CVE-2025-2784 – Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
https://notcve.org/view.php?id=CVE-2025-2784
03 Apr 2025 — A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. It was discovered that libsoup could be made to read out of bounds. An attacker could possibly use this issue to cause applications using libsoup to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2025-2784 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2024-12087 – Rsync: path traversal vulnerability in rsync
https://notcve.org/view.php?id=CVE-2024-12087
14 Jan 2025 — A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write m... • https://access.redhat.com/security/cve/CVE-2024-12087 • CWE-35: Path Traversal: '.../ •
CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 0CVE-2024-12088 – Rsync: --safe-links option bypass leads to path traversal
https://notcve.org/view.php?id=CVE-2024-12088
14 Jan 2025 — A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. • https://access.redhat.com/security/cve/CVE-2024-12088 • CWE-35: Path Traversal: '.../ •
CVSS: 6.8EPSS: 2%CPEs: 38EXPL: 0CVE-2024-9676 – Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
https://notcve.org/view.php?id=CVE-2024-9676
15 Oct 2024 — A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to r... • https://access.redhat.com/errata/RHSA-2024:10289 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 0%CPEs: 43EXPL: 0CVE-2024-9675 – Buildah: buildah allows arbitrary directory mount
https://notcve.org/view.php?id=CVE-2024-9675
09 Oct 2024 — A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. Red Hat OpenShift Container Platform release 4.16.38 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed in... • https://access.redhat.com/security/cve/CVE-2024-9675 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-4629 – Keycloak: potential bypass of brute force protection
https://notcve.org/view.php?id=CVE-2024-4629
03 Sep 2024 — A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems. New images are available for Red Hat build of Keycloak 22.0.12 and ... • https://access.redhat.com/security/cve/CVE-2024-4629 • CWE-837: Improper Enforcement of a Single, Unique Action •
CVSS: 8.1EPSS: 56%CPEs: 54EXPL: 100CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anter... • https://packetstorm.news/files/id/179290 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 1CVE-2024-3049 – Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
https://notcve.org/view.php?id=CVE-2024-3049
06 Jun 2024 — A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Se encontró una falla en Booth, un administrador de tickets de clúster. Si se pasa un hash especialmente manipulado a gcry_md_get_algo_dlen(), es posible que el servidor Booth acepte un HMAC no válido. An update for booth is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterp... • https://github.com/truonghuuphuc/CVE-2024-30491-Poc • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.3EPSS: 0%CPEs: 39EXPL: 0CVE-2024-1488 – Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-1488
15 Feb 2024 — A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. Se encontr... • https://access.redhat.com/errata/RHSA-2024:1750 • CWE-15: External Control of System or Configuration Setting CWE-276: Incorrect Default Permissions •