CVSS: 6.4EPSS: 0%CPEs: 28EXPL: 0CVE-2023-1932 – Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss
https://notcve.org/view.php?id=CVE-2023-1932
07 Nov 2024 — A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks. Se encontró una falla en el método 'isValid' de hibernate-validator en la clase org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator, que se puede evitar omitiendo la ... • https://access.redhat.com/security/cve/CVE-2023-1932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-9902 – Ansible-core: ansible-core user may read/write unauthorized content
https://notcve.org/view.php?id=CVE-2024-9902
06 Nov 2024 — A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. An update for openstack-ansible-core is now avail... • https://access.redhat.com/security/cve/CVE-2024-9902 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2024-9355 – Golang-fips: golang fips zeroed buffer
https://notcve.org/view.php?id=CVE-2024-9355
01 Oct 2024 — A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This... • https://access.redhat.com/security/cve/CVE-2024-9355 • CWE-457: Use of Uninitialized Variable •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8007 – Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors
https://notcve.org/view.php?id=CVE-2024-8007
21 Aug 2024 — A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack. A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verif... • https://access.redhat.com/security/cve/CVE-2024-8007 • CWE-295: Improper Certificate Validation •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7319 – Openstack-heat: incomplete fix for cve-2023-1625
https://notcve.org/view.php?id=CVE-2024-7319
02 Aug 2024 — An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. • https://access.redhat.com/security/cve/CVE-2024-7319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2024-3727 – Containers/image: digest type does not guarantee valid type
https://notcve.org/view.php?id=CVE-2024-3727
09 May 2024 — A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques. Red Hat ... • https://access.redhat.com/errata/RHSA-2024:0045 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.5EPSS: 0%CPEs: 21EXPL: 0CVE-2024-1135 – HTTP Request Smuggling in benoitc/gunicorn
https://notcve.org/view.php?id=CVE-2024-1135
16 Apr 2024 — Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerabilit... • https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 1%CPEs: 38EXPL: 0CVE-2024-1394 – Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
https://notcve.org/view.php?id=CVE-2024-1394
21 Mar 2024 — A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fa... • https://access.redhat.com/errata/RHSA-2024:1462 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 78%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5625 – Python-eventlet: patch regression for cve-2021-21419 in some red hat builds
https://notcve.org/view.php?id=CVE-2023-5625
01 Nov 2023 — A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. Se introdujo una regresión en la compilación de Red Hat de python-eventlet debido a un cambio en la estrategia de aplicación del parche, lo que provocó que no se aplicara un parche para CVE-2021-21419 para todas las compilaciones de todos los productos. Red Hat OpenShift Container Platform release 4.12... • https://access.redhat.com/errata/RHSA-2023:6128 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •