Lucene search
K
RedhatRecent

115831 matches found

RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.14 views

Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

7CVSS6.1AI score0.00136EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.22 views

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...

7.5CVSS6.4AI score0.00262EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.8 views

org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data

A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitra...

8.8CVSS6.3AI score0.00711EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.19 views

Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

9.9CVSS6.4AI score0.0086EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.8 views

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

9.4CVSS5.7AI score0.00621EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.8 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6AI score0.00663EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.11 views

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

8.2CVSS5.7AI score0.00312EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.19 views

Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.3AI score0.10629EPSS
Exploits11References24
RedHat Linux
RedHat Linux
added 2026/05/14 4:47 p.m.8 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: syft: syft-1.44.0-0.3.hum1 aarch64, x8664 syft-1.44.0-0.3.hum1.src src...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/14 4:35 p.m.10 views

Important: Red Hat Security Advisory: openexr security update

An update for openexr is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

8.8CVSS6.2AI score0.00482EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/14 4:35 p.m.10 views

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

8.8CVSS6.3AI score0.00482EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:26 p.m.18 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.11 security update

The multicluster engine for Kubernetes 2.6 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.6 images The multicluster engine for Kubernetes provides the foundational components that are...

10CVSS6.8AI score0.01815EPSS
Exploits12References10
RedHat Linux
RedHat Linux
added 2026/05/14 3:58 p.m.9 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/14 3:58 p.m.11 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/14 3:35 p.m.13 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:35 p.m.11 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:35 p.m.11 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/05/14 3:35 p.m.9 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.8 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.7 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.14 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.10 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.11 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.15 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.8 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:19 p.m.12 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/05/14 3:18 p.m.13 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.66 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.66 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

8.8CVSS6.1AI score0.93235EPSS
Exploits31References2
RedHat Linux
RedHat Linux
added 2026/05/14 3:5 p.m.8 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:5 p.m.9 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:5 p.m.10 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 3:5 p.m.11 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/05/14 3:2 p.m.10 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6.3AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/05/14 3:2 p.m.9 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/14 3:2 p.m.12 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

9.1CVSS6.4AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/14 2:36 p.m.27 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/14 2:36 p.m.13 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/14 2:35 p.m.13 views

ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in NewXMLTree method

A flaw was found in ImageMagick. The NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. This vulnerability could allow a remote attacker to cause a Denial of Service DoS by providing a specially crafted image, leading to system...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/14 2:35 p.m.9 views

Moderate: Red Hat Security Advisory: ImageMagick security update

An update for ImageMagick is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.5CVSS5.7AI score0.00475EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/14 2:6 p.m.9 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 2:6 p.m.10 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 2:6 p.m.10 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 2:6 p.m.11 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/05/14 1:49 p.m.14 views

Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.3

Red Hat Enterprise Linux AI 3.3.3 is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models LLMs for enterprise applications...

8.7CVSS7.2AI score0.00679EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 1:48 p.m.11 views

Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.3

Red Hat Enterprise Linux AI 3.3.3 is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models LLMs for enterprise applications...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/14 1:6 p.m.12 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/14 1:6 p.m.9 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/14 1:2 p.m.12 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.7AI score0.0046EPSS
Exploits10References9
RedHat Linux
RedHat Linux
added 2026/05/14 1:2 p.m.14 views

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update a...

8.8CVSS5.9AI score0.0046EPSS
Exploits10References2
RedHat Linux
RedHat Linux
added 2026/05/14 1:1 p.m.10 views

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

8.8CVSS5.9AI score0.0046EPSS
Exploits10References2
RedHat Linux
RedHat Linux
added 2026/05/14 1:1 p.m.16 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.7AI score0.0046EPSS
Exploits10References9
Total number of security vulnerabilities115831