Lucene search
K
RedhatRecent

116578 matches found

RedHat Linux
RedHat Linux
•added 2026/04/28 7:19 a.m.•19 views

Important: Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2

Red Hat OpenShift Builds 1.7.2 Releases of Red Hat OpenShift Builds 1.7.2...

10CVSS7.6AI score0.01557EPSS
Exploits2References8
RedHat Linux
RedHat Linux
•added 2026/04/28 7:16 a.m.•5 views

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5CVSS5.8AI score0.01069EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/28 7:16 a.m.•7 views

Important: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.5CVSS5.7AI score0.01069EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/28 7:16 a.m.•18 views

Important: Red Hat Security Advisory: Red Hat OpenShift Builds 1.6.5

Red Hat OpenShift Builds 1.6.5 Releases of Red Hat OpenShift Builds 1.6.5...

9.6CVSS5AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/28 7:9 a.m.•11 views

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5CVSS8.1AI score0.01069EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/28 7:9 a.m.•11 views

Important: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS8.2AI score0.01069EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/28 7:2 a.m.•6 views

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5CVSS8.1AI score0.01069EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/28 7:2 a.m.•10 views

Important: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

7.5CVSS8.2AI score0.01069EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•7 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

9.8CVSS6.5AI score0.00656EPSS
Exploits5References12
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•4 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.2AI score0.00534EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•6 views

freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation

A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...

8.7CVSS5.2AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•4 views

freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface

A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface...

8.7CVSS5.5AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•5 views

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

8.7CVSS5.2AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•7 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•10 views

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

8.1CVSS5.2AI score0.00286EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•12 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

9.8CVSS5.6AI score0.00453EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•12 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS PDUs...

9.8CVSS5.7AI score0.00365EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•7 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

9.8CVSS6.3AI score0.00656EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•6 views

freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface

A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...

9.1CVSS5.5AI score0.00489EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/28 6:49 a.m.•9 views

freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service DoS due to a crash. For this vulnerability t...

7.5CVSS5.5AI score0.00481EPSS
Exploits1References10
RedHat Linux
RedHat Linux
•added 2026/04/28 6:40 a.m.•1 views

cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...

3.3CVSS6.1AI score0.00164EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/28 6:40 a.m.•7 views

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.11: python3.11-3.11.15-4.2.hum1 aarch64, x8664 python3.11-debug-3.11.15-4.2.hum1 aarch64, x8664 python3.11-devel-3.11.15-4.2.hum1 aarch64, x8664 python3.11-idle-3.11.15-4.2.hum1 aarch64,...

3.3CVSS5.2AI score0.00238EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/28 6:40 a.m.•2 views

python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation

A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...

6AI score0.00238EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/28 4:43 a.m.•8 views

kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration

A flaw was found in the Linux kernel. A local attacker could exploit a deadlock vulnerability due to incorrect lock ordering between foliolock and immaprwsem when migrating hugetlb file-backed folios. This could lead to hung tasks and potential system-wide stalls, resulting in a Denial of Service...

5.5CVSS5.3AI score0.00114EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/28 4:43 a.m.•4 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8CVSS6.6AI score0.0049EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/28 4:43 a.m.•7 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS5.5AI score0.0049EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/28 4:5 a.m.•11 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: avahi: avahi-0.9rc4-0.1.hum1 aarch64, x8664 avahi-autoipd-0.9rc4-0.1.hum1 aarch64, x8664 avahi-compat-howl-0.9rc4-0.1.hum1 aarch64, x8664 avahi-compat-howl-devel-0.9rc4-0.1.hum1 aarch64, x8664...

6.5CVSS5.1AI score0.00353EPSS
Exploits2References7
RedHat Linux
RedHat Linux
•added 2026/04/27 11:24 p.m.•24 views

Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.8CVSS6.7AI score0.01557EPSS
Exploits2References10
RedHat Linux
RedHat Linux
•added 2026/04/27 9:31 p.m.•9 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 9:31 p.m.•8 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS5AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 9:31 p.m.•13 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1CVSS6AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 8:58 p.m.•9 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 8:58 p.m.•14 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS5AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 8:58 p.m.•14 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.1CVSS6AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 8:25 p.m.•16 views

Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.8CVSS5.2AI score0.01557EPSS
Exploits2References9
RedHat Linux
RedHat Linux
•added 2026/04/27 7:15 p.m.•14 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libxslt: libxslt-1.1.45-0.1.hum1 aarch64, x8664 libxslt-devel-1.1.45-0.1.hum1 aarch64, x8664 python3-libxslt-1.1.45-0.1.hum1 aarch64, x8664 libxslt-1.1.45-0.1.hum1.src src...

7.5CVSS5.2AI score0.012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 6:40 p.m.•10 views

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: expat: expat-2.8.0-0.1.hum1 aarch64, x8664 expat-devel-2.8.0-0.1.hum1 aarch64, x8664 expat-static-2.8.0-0.1.hum1 aarch64, x8664 expat-2.8.0-0.1.hum1.src src...

7.5CVSS5.2AI score0.00379EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 6:20 p.m.•4 views

kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check

A flaw was found in the Linux kernel's nftables component. A logic bug in nftmapcatchallactivate causes an inverted element activity check during the abort path of a failed transaction. This can lead to a use-after-free vulnerability, as catchall verdict elements may still reference a freed chain...

7.8CVSS5.3AI score0.00344EPSS
Exploits7References5
RedHat Linux
RedHat Linux
•added 2026/04/27 6:20 p.m.•5 views

kernel: macvlan: fix possible UAF in macvlan_forward_source()

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...

7.8CVSS5.4AI score0.00188EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 6:20 p.m.•7 views

kernel: scsi: qla2xxx: Fix improper freeing of purex item

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

5.6AI score0.00171EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 6:20 p.m.•10 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS5.7AI score0.00344EPSS
Exploits7References4
RedHat Linux
RedHat Linux
•added 2026/04/27 6:6 p.m.•6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruff: python3-ruff-0.15.11-1.hum1 noarch ruff-0.15.11-1.hum1 aarch64, x8664 ruff-0.15.11-1.hum1.src src...

7.5CVSS6.1AI score0.00573EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 5:24 p.m.•11 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sed: sed-4.10-1.hum1 aarch64, x8664 sed-4.10-1.hum1.src src...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•7 views

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

7.5CVSS5.4AI score0.00621EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•12 views

cpython: Header injection via newlines in data URL mediatype in Python

Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS5.3AI score0.0048EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•8 views

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

5.5CVSS6.6AI score0.00136EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•23 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•12 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS5.3AI score0.00419EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•10 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

5.7CVSS5.3AI score0.00562EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 3:6 p.m.•7 views

cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.3AI score0.00401EPSS
Exploits0References6
Total number of security vulnerabilities116578