Lucene search
K
RedhatRecent

115831 matches found

RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Audio/Video: Web Codecs component...

9.8CVSS5.7AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•17 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

9.8CVSS6AI score0.04938EPSS
Exploits1References26
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•10 views

firefox: thunderbird: Privilege escalation in the Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Networking component...

8.8CVSS5.7AI score0.00221EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Use-after-free in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the WebRTC component...

7.5CVSS5.7AI score0.004EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•10 views

firefox: thunderbird: Other issue in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the Libraries component in NSS...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Privilege escalation in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Graphics: WebRender component...

8.8CVSS5.7AI score0.00483EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Incorrect boundary conditions in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...

7.5CVSS5.7AI score0.00306EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC: Networking component...

7.8CVSS5.7AI score0.0011EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•10 views

firefox: thunderbird: Privilege escalation in the Debugger component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Debugger component...

8.8CVSS5.7AI score0.00226EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•11 views

firefox: thunderbird: Use-after-free in the Widget: Cocoa component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Widget: Cocoa component...

7.5CVSS5.7AI score0.00363EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Other issue in the Storage: IndexedDB component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the Storage: IndexedDB component...

6.5CVSS6AI score0.04938EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•8 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.8CVSS5.7AI score0.00309EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•7 views

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•8 views

firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...

6.5CVSS5.7AI score0.00231EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•12 views

firefox: thunderbird: Mitigation bypass in the File Handling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the File Handling component...

6.5CVSS5.7AI score0.00191EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•11 views

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

6.3CVSS5.7AI score0.00157EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•10 views

firefox: thunderbird: Incorrect boundary conditions in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...

7.5CVSS5.7AI score0.00306EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•8 views

firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Audio/Video: Web Codecs component...

7.5CVSS5.7AI score0.00307EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•7 views

firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component...

7.5CVSS5.7AI score0.00403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Use-after-free in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...

7.5CVSS5.7AI score0.00586EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•9 views

firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...

6.3CVSS5.7AI score0.00293EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•11 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume th...

7.5CVSS5.9AI score0.00499EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:47 p.m.•12 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

7.5CVSS5.9AI score0.00513EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 7:28 p.m.•10 views

Moderate: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS6.9AI score0.00765EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/05/14 7:28 p.m.•12 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
•added 2026/05/14 6:57 p.m.•8 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/05/14 6:57 p.m.•10 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/05/14 5:52 p.m.•12 views

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

8.8CVSS6.3AI score0.00482EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/14 5:52 p.m.•11 views

Important: Red Hat Security Advisory: openexr security update

An update for openexr is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS6.2AI score0.00482EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/05/14 5:49 p.m.•10 views

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

8.8CVSS6.3AI score0.00482EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/14 5:49 p.m.•10 views

Important: Red Hat Security Advisory: openexr update

Please update Please update...

8.8CVSS5.8AI score0.00482EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/05/14 5:44 p.m.•12 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.27-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.27-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.27-1.hum1 aarch64, x8664...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 5:23 p.m.•10 views

Important: Red Hat Security Advisory: openexr security update

An update for openexr is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6.2AI score0.00482EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/05/14 5:23 p.m.•16 views

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

8.8CVSS6.3AI score0.00482EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•13 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.7AI score0.0064EPSS
Exploits1References8
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•8 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS6.9AI score0.01125EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•10 views

Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path

A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...

8.2CVSS7.2AI score0.00334EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•13 views

bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•7 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•21 views

bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...

9.3CVSS5.8AI score0.00313EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•8 views

Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management

A flaw was found in the Apache Kafka Java producer client. A race condition in the client's buffer pool management can cause messages to be silently delivered to incorrect topics. This occurs when a message batch expires while its network request is still active, leading to premature buffer...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•14 views

camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References4
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•9 views

Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass

A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the AbstractIoBuffer.resolveClass method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing ...

9.8CVSS7AI score0.0064EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•11 views

camel-http: Apache Camel: Information disclosure and authentication bypass in embedded HTTP/management servers

A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...

8.2CVSS5.7AI score0.00622EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•10 views

Apache Camel: camel-coap: Apache Camel camel-coap: Remote code execution via CoAP URI query parameter injection

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP Constrained Application Protocol UDP User Datagram Protocol packet. The camel-coap component improperly processes URI query parameters,...

10CVSS6.4AI score0.06157EPSS
Exploits2References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•8 views

org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated remote attacker can exploit a missing authentication for critical function vulnerability by using the Core protocol. This allows the attacker to force a target broker to establish an outbound Core federation...

9.8CVSS7.3AI score0.10629EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•13 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

7.5CVSS7.1AI score0.00392EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•8 views

org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables

A flaw was found in Eclipse Jetty. The JASPIAuthenticator class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly...

7.4CVSS5.8AI score0.00529EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•7 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/05/14 4:55 p.m.•12 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits1References6
Total number of security vulnerabilities115831