Lucene search
K
RedhatRecent

115831 matches found

RedHat Linux
RedHat Linux
•added 2026/05/07 6:29 a.m.•12 views

LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading

A flaw was found in LibRaw. A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality. A remote attacker can exploit this by providing a specially crafted malicious file. This can lead to arbitrary code execution, allowing the attacker to take control of the...

9.8CVSS6.5AI score0.00746EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:29 a.m.•13 views

Important: Red Hat Security Advisory: LibRaw security update

An update for LibRaw is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

9.8CVSS6.6AI score0.00746EPSS
Exploits2References3
RedHat Linux
RedHat Linux
•added 2026/05/07 6:29 a.m.•11 views

LibRaw: LibRaw: Arbitrary code execution via specially crafted image file

A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...

9.8CVSS6.4AI score0.00645EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•12 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.2AI score0.00295EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•9 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.2AI score0.0038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•9 views

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

5.3CVSS7.2AI score0.00222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•9 views

webkitgtk: A remote attacker may be able to cause a denial-of-service

A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling...

7.5CVSS7.2AI score0.00608EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•14 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS5.7AI score0.00572EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•14 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS5.7AI score0.0072EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•14 views

webkitgtk: A malicious website may be able to process restricted web content outside the sandbox

A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...

8.8CVSS5.7AI score0.00636EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•9 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.2AI score0.00961EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•10 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

8.8CVSS6.7AI score0.00559EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•10 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS5.7AI score0.00731EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•11 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•10 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

4.3CVSS5.6AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•12 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

8.8CVSS5.8AI score0.00423EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•14 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management...

8.8CVSS7.2AI score0.00229EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•7 views

webkitgtk: Processing maliciously crafted web content may disclose internal states of the app

A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application...

4.3CVSS5.7AI score0.00266EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•10 views

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

5.4CVSS6AI score0.00354EPSS
Exploits2References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•9 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.2AI score0.00295EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•8 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management...

6.5CVSS5.7AI score0.0061EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/07 6:1 a.m.•24 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS7AI score0.00961EPSS
Exploits2References19
RedHat Linux
RedHat Linux
•added 2026/05/07 5:25 a.m.•14 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/05/07 5:25 a.m.•13 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6.3AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/05/07 5:25 a.m.•12 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.1CVSS6.4AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/05/07 4:55 a.m.•10 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6.3AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/05/07 4:55 a.m.•17 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/05/07 4:55 a.m.•28 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.1CVSS6.4AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/05/07 4:51 a.m.•7 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS7.7AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/05/07 4:51 a.m.•18 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.7AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/05/07 4:51 a.m.•12 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.1CVSS7.8AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/05/07 4:41 a.m.•11 views

LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading

A flaw was found in LibRaw. A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality. A remote attacker can exploit this by providing a specially crafted malicious file. This can lead to arbitrary code execution, allowing the attacker to take control of the...

9.8CVSS6.5AI score0.00746EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/07 4:41 a.m.•21 views

Important: Red Hat Security Advisory: LibRaw security update

An update for LibRaw is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

9.8CVSS6.6AI score0.00746EPSS
Exploits2References3
RedHat Linux
RedHat Linux
•added 2026/05/07 4:41 a.m.•8 views

LibRaw: LibRaw: Arbitrary code execution via specially crafted image file

A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...

9.8CVSS6.4AI score0.00645EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/05/06 10:25 p.m.•13 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS5.9AI score0.00173EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/05/06 10:25 p.m.•33 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•9 views

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•16 views

kernel: nfsd: release svc_expkey/svc_export with rcu_work

In the Linux kernel, the following vulnerability has been resolved: nfsd: release svcexpkey/svcexport with rcuwork The last reference for cachehead can be reduced to zero in cshow and eshowusing rcureadlock and rcureadunlock. Consequently, svcexportput and expkeyput will be invoked, leading to tw...

7.8CVSS6.4AI score0.00218EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•9 views

kernel: crypto: algif_aead - Fix minimum RX size check for decryption

A flaw was found in the Linux kernel, specifically within the algifaead module. The vulnerability involves an incorrect check for the minimum receive buffer size during decryption, which did not properly account for the tag size. This could potentially lead to issues with data integrity or...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•14 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

7.8CVSS7.2AI score0.96267EPSS
Exploits230References14
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•14 views

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•22 views

kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...

8.1CVSS5.8AI score0.00184EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•59 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.1CVSS6.9AI score0.96267EPSS
Exploits230References7
RedHat Linux
RedHat Linux
•added 2026/05/06 9:19 p.m.•9 views

kernel: scsi: qla2xxx: Fix improper freeing of purex item

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

5.9AI score0.00171EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/06 9:10 p.m.•23 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.8CVSS7.3AI score0.00621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/05/06 8:47 p.m.•11 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.40 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.40 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

7.8CVSS6.1AI score0.96267EPSS
Exploits230References2
RedHat Linux
RedHat Linux
•added 2026/05/06 7:58 p.m.•11 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.40 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.40 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

8.6CVSS7.2AI score0.00532EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/05/06 7:20 p.m.•11 views

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

8.8CVSS5.8AI score0.0035EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/06 7:20 p.m.•18 views

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...

9.8CVSS5.9AI score0.0034EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/05/06 7:20 p.m.•9 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS6.8AI score0.01052EPSS
Exploits1References10
Total number of security vulnerabilities115831