Lucene search
K
RedhatRecent

115919 matches found

RedHat Linux
RedHat Linux
•added 2026/04/29 12:10 p.m.•10 views

Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS5.5AI score0.0038EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/29 12:10 p.m.•4 views

xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.2AI score0.0025EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/29 12:10 p.m.•8 views

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

7.8CVSS5.7AI score0.0038EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/29 12:6 p.m.•8 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.15

Red Hat OpenShift Service Mesh 2.6.15 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

7.5CVSS7.8AI score0.00728EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/29 11:31 a.m.•7 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS4.8AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/29 11:31 a.m.•9 views

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

7.5CVSS5.5AI score0.00398EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/29 11:31 a.m.•12 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

7.5CVSS6AI score0.00426EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/29 11:30 a.m.•7 views

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.8CVSS5.5AI score0.0046EPSS
Exploits10References2
RedHat Linux
RedHat Linux
•added 2026/04/29 11:30 a.m.•9 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.2AI score0.0046EPSS
Exploits10References9
RedHat Linux
RedHat Linux
•added 2026/04/29 11:27 a.m.•12 views

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

7.5CVSS5.5AI score0.00398EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/29 11:27 a.m.•11 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS4.8AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/29 11:27 a.m.•5 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6AI score0.00426EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/29 11:14 a.m.•15 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: java-21-openjdk: java-21-openjdk-21.0.11.0.10-1.hum1 aarch64, x8664 java-21-openjdk-demo-21.0.11.0.10-1.hum1 aarch64, x8664 java-21-openjdk-demo-fastdebug-21.0.11.0.10-1.hum1 aarch64, x8664...

7.5CVSS7.7AI score0.00702EPSS
Exploits0References9
RedHat Linux
RedHat Linux
•added 2026/04/29 8:54 a.m.•6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.29 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.29 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

7.5CVSS5.5AI score0.00693EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/29 8:26 a.m.•7 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

8.2CVSS6.5AI score0.0047EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/29 8:26 a.m.•12 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS6AI score0.0047EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 8:17 a.m.•24 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8CVSS5.5AI score0.00173EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/29 8:17 a.m.•10 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 8:11 a.m.•8 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 8:11 a.m.•10 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.2AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 8:11 a.m.•15 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/29 8:11 a.m.•6 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 8:6 a.m.•10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.29 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.29 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

9.1CVSS6.4AI score0.01557EPSS
Exploits2References3
RedHat Linux
RedHat Linux
•added 2026/04/29 7:45 a.m.•10 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/29 7:45 a.m.•12 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

9.8CVSS6AI score0.01735EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/29 7:37 a.m.•8 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/29 7:37 a.m.•8 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 7:37 a.m.•10 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.2AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 7:37 a.m.•7 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 7:37 a.m.•9 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

8.2CVSS6.5AI score0.0047EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/29 7:37 a.m.•7 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS6AI score0.0047EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/29 7:27 a.m.•8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.29 security and extras update

Red Hat OpenShift Container Platform release 4.19.29 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...

9.1CVSS7.5AI score0.01557EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/29 7:0 a.m.•13 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.7.10

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.7.10 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.7.10 release that simplify the process of...

7.5CVSS6.1AI score0.00651EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/29 6:59 a.m.•12 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.7.10

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.7.10 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.7.10 release that simplify the process of...

6.1CVSS5.2AI score0.00165EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/29 6:33 a.m.•5 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.2AI score0.0046EPSS
Exploits10References9
RedHat Linux
RedHat Linux
•added 2026/04/29 6:33 a.m.•7 views

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.8CVSS5.5AI score0.0046EPSS
Exploits10References2
RedHat Linux
RedHat Linux
•added 2026/04/29 6:17 a.m.•9 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/29 6:17 a.m.•11 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS8.2AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/29 6:17 a.m.•11 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

9.8CVSS8.8AI score0.01735EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/29 6:1 a.m.•14 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/29 6:1 a.m.•10 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

9.8CVSS6AI score0.01735EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/29 5:59 a.m.•6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libxml2: libxml2-16-2.15.3-0.1.hum1 aarch64, x8664 libxml2-2.15.3-0.1.hum1 aarch64, x8664 libxml2-devel-2.15.3-0.1.hum1 aarch64, x8664 libxml2-static-2.15.3-0.1.hum1 aarch64, x8664...

7.8CVSS8.1AI score0.00632EPSS
Exploits2References4
RedHat Linux
RedHat Linux
•added 2026/04/29 5:59 a.m.•11 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS8.2AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/29 5:59 a.m.•12 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

9.8CVSS8.8AI score0.01735EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/29 5:59 a.m.•16 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/29 5:57 a.m.•16 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/29 5:57 a.m.•11 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS8.2AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/29 5:57 a.m.•9 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havin...

9.8CVSS8.8AI score0.01735EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/29 5:49 a.m.•8 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/29 5:49 a.m.•17 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

9.8CVSS6AI score0.01735EPSS
Exploits0References2
Total number of security vulnerabilities115919