116578 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2
Red Hat OpenShift Builds 1.7.2 Releases of Red Hat OpenShift Builds 1.7.2...
gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
Important: Red Hat Security Advisory: gdk-pixbuf2 security update
An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Important: Red Hat Security Advisory: Red Hat OpenShift Builds 1.6.5
Red Hat OpenShift Builds 1.6.5 Releases of Red Hat OpenShift Builds 1.6.5...
gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
Important: Red Hat Security Advisory: gdk-pixbuf2 security update
An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
Important: Red Hat Security Advisory: gdk-pixbuf2 security update
An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
Important: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation
A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...
freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface
A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface...
freerdp: FreeRDP has a heap-use-after-free in video_timer
A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...
freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...
freerdp: FreeRDP heap-use-after-free
A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS PDUs...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...
freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service DoS due to a crash. For this vulnerability t...
cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues
A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...
Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.11: python3.11-3.11.15-4.2.hum1 aarch64, x8664 python3.11-debug-3.11.15-4.2.hum1 aarch64, x8664 python3.11-devel-3.11.15-4.2.hum1 aarch64, x8664 python3.11-idle-3.11.15-4.2.hum1 aarch64,...
python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation
A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...
kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration
A flaw was found in the Linux kernel. A local attacker could exploit a deadlock vulnerability due to incorrect lock ordering between foliolock and immaprwsem when migrating hugetlb file-backed folios. This could lead to hung tasks and potential system-wide stalls, resulting in a Denial of Service...
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: avahi: avahi-0.9rc4-0.1.hum1 aarch64, x8664 avahi-autoipd-0.9rc4-0.1.hum1 aarch64, x8664 avahi-compat-howl-0.9rc4-0.1.hum1 aarch64, x8664 avahi-compat-howl-devel-0.9rc4-0.1.hum1 aarch64, x8664...
Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
Important: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
Important: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libxslt: libxslt-1.1.45-0.1.hum1 aarch64, x8664 libxslt-devel-1.1.45-0.1.hum1 aarch64, x8664 python3-libxslt-1.1.45-0.1.hum1 aarch64, x8664 libxslt-1.1.45-0.1.hum1.src src...
Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: expat: expat-2.8.0-0.1.hum1 aarch64, x8664 expat-devel-2.8.0-0.1.hum1 aarch64, x8664 expat-static-2.8.0-0.1.hum1 aarch64, x8664 expat-2.8.0-0.1.hum1.src src...
kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check
A flaw was found in the Linux kernel's nftables component. A logic bug in nftmapcatchallactivate causes an inverted element activity check during the abort path of a failed transaction. This can lead to a use-after-free vulnerability, as catchall verdict elements may still reference a freed chain...
kernel: macvlan: fix possible UAF in macvlan_forward_source()
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...
kernel: scsi: qla2xxx: Fix improper freeing of purex item
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruff: python3-ruff-0.15.11-1.hum1 noarch ruff-0.15.11-1.hum1 aarch64, x8664 ruff-0.15.11-1.hum1.src src...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sed: sed-4.10-1.hum1 aarch64, x8664 sed-4.10-1.hum1.src src...
cpython: Stack overflow parsing XML with deeply nested DTD content models
A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...
cpython: Header injection via newlines in data URL mediatype in Python
Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
python: Quadratic complexity in os.path.expandvars() with user-controlled template
A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
cpython: Incomplete control character validation in http.cookies
A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
cpython: Header injection in http.cookies.Morsel in Python
An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...