modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRed Hat Modulemd
APPRedhat≤ 1.3.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2021-40438CRITICAL9.0⚠ KEVten sam vendor
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
CVE-2019-5544CRITICAL9.8⚠ KEVten sam vendor
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...
CVE-2019-7609CRITICAL10.0⚠ KEVten sam vendor
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...
CVE-2019-1003030CRITICAL9.9⚠ KEVten sam vendor
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...