Lucene search
K
RedhatRecent

115813 matches found

RedHat Linux
RedHat Linux
•added 2026/05/19 10:14 p.m.•10 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

7.8CVSS6AI score0.00393EPSS
Exploits1References7
RedHat Linux
RedHat Linux
•added 2026/05/19 10:14 p.m.•60 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8CVSS7.2AI score0.01761EPSS
Exploits2References3
RedHat Linux
RedHat Linux
•added 2026/05/19 10:14 p.m.•14 views

rsync: rsync server leaks arbitrary client files

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.8CVSS7.1AI score0.01761EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/19 10:12 p.m.•20 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
RedHat Linux
RedHat Linux
•added 2026/05/19 10:12 p.m.•24 views

Important: Red Hat Security Advisory: python-markdown security update

An update for python-markdown is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/05/19 10:6 p.m.•16 views

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS6.1AI score0.00553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 10:6 p.m.•20 views

Important: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8CVSS6.3AI score0.00553EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/05/19 10:5 p.m.•9 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:5 p.m.•19 views

Critical: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.2CVSS6.1AI score0.61469EPSS
Exploits40References2
RedHat Linux
RedHat Linux
•added 2026/05/19 10:5 p.m.•11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/19 10:5 p.m.•13 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS6.6AI score0.0058EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:5 p.m.•10 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS6.8AI score0.00341EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:5 p.m.•10 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.2CVSS6.7AI score0.0058EPSS
Exploits2References4
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•11 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•12 views

Critical: Red Hat Security Advisory: nginx:1.26 security update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS6.1AI score0.61469EPSS
Exploits40References2
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•18 views

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•10 views

xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.7AI score0.0025EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•24 views

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS5.8AI score0.00264EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•10 views

xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

9.1CVSS5.7AI score0.00489EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•11 views

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

7.8CVSS6AI score0.0038EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 10:4 p.m.•10 views

Important: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS5.8AI score0.00489EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:2 p.m.•19 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/05/19 10:2 p.m.•10 views

grafana: Grafana: Information disclosure of data-source passwords via public dashboards

A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/19 10:2 p.m.•21 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 10:2 p.m.•12 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/05/19 10:0 p.m.•18 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:0 p.m.•12 views

Critical: Red Hat Security Advisory: nginx:1.24 security update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS6.1AI score0.61469EPSS
Exploits40References2
RedHat Linux
RedHat Linux
•added 2026/05/19 10:0 p.m.•19 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:0 p.m.•13 views

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

7.5CVSS6.2AI score0.00398EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/19 10:0 p.m.•14 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS6.5AI score0.00426EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/05/19 10:0 p.m.•11 views

Important: Red Hat Security Advisory: giflib update

Please update Please update...

5.1CVSS7.1AI score0.00144EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/05/19 10:0 p.m.•20 views

giflib: Giflib: Double-free vulnerability leading to memory corruption

A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of...

5.1CVSS7.6AI score0.00144EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•11 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•18 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•15 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•15 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•13 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.8AI score0.0046EPSS
Exploits10References9
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•60 views

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.8CVSS5.9AI score0.0046EPSS
Exploits10References2
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•11 views

xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.7AI score0.0025EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•14 views

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS5.8AI score0.00264EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•10 views

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

7.8CVSS6AI score0.0038EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 9:57 p.m.•12 views

Important: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.8CVSS5.8AI score0.0038EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•11 views

freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0

A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign. The...

7.5CVSS5.7AI score0.00303EPSS
Exploits1References7
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•11 views

freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...

8.2CVSS6.2AI score0.00309EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•13 views

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

7.5CVSS5.8AI score0.00346EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•9 views

freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed fro...

7.5CVSS5.8AI score0.00476EPSS
Exploits1References12
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•8 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•11 views

Moderate: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS5.8AI score0.00599EPSS
Exploits7References9
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•16 views

freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks

An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. An attacker may be able to leverage this weakness to leak global data...

9.4CVSS5.7AI score0.00263EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/05/19 9:56 p.m.•13 views

freerdp: FreeRDP: Denial of Service via crafted audio data in RDP

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker can exploit a sizet underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a...

9.8CVSS5.8AI score0.00317EPSS
Exploits1References6
Total number of security vulnerabilities115813