Lucene search
K
RedhatRecent

116051 matches found

RedHat Linux
RedHat Linux
•added 2026/04/27 6:6 p.m.•4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruff: python3-ruff-0.15.11-1.hum1 noarch ruff-0.15.11-1.hum1 aarch64, x8664 ruff-0.15.11-1.hum1.src src...

7.5CVSS6.1AI score0.00573EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 5:24 p.m.•11 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sed: sed-4.10-1.hum1 aarch64, x8664 sed-4.10-1.hum1.src src...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•10 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

5.7CVSS5.3AI score0.00562EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•7 views

cpython: CPython: Logging Bypass in Legacy .pyc File Handling

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

5.7CVSS5.4AI score0.00202EPSS
Exploits0References9
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•6 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.1CVSS7.1AI score0.01279EPSS
Exploits1References12
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•24 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•7 views

cpython: Out-of-memory when loading Plist

A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations...

5.5CVSS5.3AI score0.00193EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•7 views

cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.3AI score0.00401EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•7 views

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

7.5CVSS5.4AI score0.00621EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•12 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS5.3AI score0.00419EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•8 views

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

5.5CVSS6.6AI score0.00136EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•9 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS7.5AI score0.01279EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•12 views

cpython: Header injection via newlines in data URL mediatype in Python

Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.3AI score0.0048EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•23 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 3:0 p.m.•7 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS5AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 3:0 p.m.•10 views

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.1CVSS6AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 3:0 p.m.•10 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•9 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

9.8CVSS5.5AI score0.00656EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•6 views

freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface

A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...

9.1CVSS5.5AI score0.00489EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•5 views

freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation

A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...

8.7CVSS5.2AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•4 views

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

8.1CVSS5.2AI score0.00286EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•7 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

9.8CVSS5.6AI score0.00453EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•8 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS PDUs...

9.8CVSS5.7AI score0.00365EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•9 views

freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service DoS due to a crash. For this vulnerability t...

7.5CVSS5.5AI score0.00481EPSS
Exploits1References10
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•6 views

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

8.7CVSS5.2AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•9 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

9.8CVSS5.8AI score0.00656EPSS
Exploits5References12
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•6 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.2AI score0.00534EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•12 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 2:55 p.m.•7 views

freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface

A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface...

8.7CVSS5.5AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 1:54 p.m.•8 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7.7AI score0.00606EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 1:54 p.m.•13 views

Important: Red Hat Security Advisory: rhc-worker-playbook security update

An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.8AI score0.00728EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 1:54 p.m.•15 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 12:40 p.m.•6 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS5AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 12:40 p.m.•7 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.1CVSS6AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 12:40 p.m.•23 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•20 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS5.3AI score0.04938EPSS
Exploits1References26
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•9 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.8CVSS5.2AI score0.00309EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•8 views

firefox: thunderbird: Other issue in the Storage: IndexedDB component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the Storage: IndexedDB component...

6.5CVSS5.2AI score0.04938EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•5 views

firefox: thunderbird: Privilege escalation in the Debugger component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Debugger component...

8.8CVSS5.2AI score0.00226EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•10 views

firefox: thunderbird: Privilege escalation in the Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Networking component...

8.8CVSS5.2AI score0.00221EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•6 views

firefox: thunderbird: Use-after-free in the Widget: Cocoa component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Widget: Cocoa component...

7.5CVSS5.2AI score0.00363EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•6 views

firefox: thunderbird: Incorrect boundary conditions in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...

7.5CVSS5.2AI score0.00306EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•7 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

7.5CVSS6AI score0.00513EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•6 views

firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC: Networking component...

7.8CVSS5.2AI score0.0011EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•6 views

firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...

7.5CVSS5.2AI score0.00269EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•6 views

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

5.3CVSS5.2AI score0.00215EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•10 views

firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...

6.5CVSS5.2AI score0.00231EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•5 views

firefox: thunderbird: Mitigation bypass in the File Handling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the File Handling component...

6.5CVSS5.2AI score0.00191EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•6 views

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

6.3CVSS5.2AI score0.00157EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 12:37 p.m.•8 views

firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Audio/Video: Web Codecs component...

7.5CVSS5.2AI score0.00307EPSS
Exploits0References6
Total number of security vulnerabilities116051