Lucene search
K
RedhatRecent

114793 matches found

RedHat Linux
RedHat Linux
•added 2026/06/25 12:30 p.m.•4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 12:30 p.m.•6 views

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS5.8AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 12:30 p.m.•4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 12:30 p.m.•4 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.6AI score0.00464EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 11:42 a.m.•7 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.3CVSS6.2AI score0.00292EPSS
Exploits2References2
RedHat Linux
RedHat Linux
•added 2026/06/25 11:42 a.m.•4 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS6.1AI score0.00292EPSS
Exploits2References6
RedHat Linux
RedHat Linux
•added 2026/06/25 11:28 a.m.•5 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS6.8AI score0.01052EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/25 11:28 a.m.•7 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS7AI score0.01052EPSS
Exploits1References10
RedHat Linux
RedHat Linux
•added 2026/06/25 11:0 a.m.•8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.68 packages and security update

Red Hat OpenShift Container Platform release 4.13.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

10CVSS6.9AI score0.01945EPSS
Exploits4References7
RedHat Linux
RedHat Linux
•added 2026/06/25 11:0 a.m.•4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 11:0 a.m.•4 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.2AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
•added 2026/06/25 11:0 a.m.•6 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 11:0 a.m.•4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 11:0 a.m.•4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.7AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
•added 2026/06/25 11:0 a.m.•4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
•added 2026/06/25 10:49 a.m.•3 views

nginx: ngx_http_rewrite_module: code execution and denial of service

A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...

9.2CVSS6.4AI score0.04261EPSS
Exploits3References5
RedHat Linux
RedHat Linux
•added 2026/06/25 10:49 a.m.•4 views

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References2
RedHat Linux
RedHat Linux
•added 2026/06/25 10:39 a.m.•6 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.13.68 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

9.8CVSS6.5AI score0.93235EPSS
Exploits34References8
RedHat Linux
RedHat Linux
•added 2026/06/25 10:37 a.m.•4 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/25 10:37 a.m.•5 views

Important: Red Hat Security Advisory: redis:6 security update

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/06/25 10:35 a.m.•4 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 10:35 a.m.•4 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.6AI score0.00464EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 10:35 a.m.•4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 10:35 a.m.•4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 10:35 a.m.•6 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...

8.8CVSS5.8AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 10:34 a.m.•6 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

7.5CVSS6.5AI score0.01052EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/25 10:34 a.m.•4 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS6.8AI score0.01052EPSS
Exploits1References10
RedHat Linux
RedHat Linux
•added 2026/06/25 10:33 a.m.•4 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS7AI score0.01052EPSS
Exploits1References10
RedHat Linux
RedHat Linux
•added 2026/06/25 10:33 a.m.•5 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syste...

7.5CVSS6.8AI score0.01052EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/25 10:24 a.m.•4 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS6.8AI score0.01052EPSS
Exploits1References10
RedHat Linux
RedHat Linux
•added 2026/06/25 10:24 a.m.•6 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

7.5CVSS6.5AI score0.01052EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/25 10:0 a.m.•11 views

Important: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/25 10:0 a.m.•4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 10:0 a.m.•4 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 10:0 a.m.•4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 10:0 a.m.•4 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.2AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 9:36 a.m.•8 views

Moderate: Red Hat Security Advisory: libxslt security update

An update for libxslt is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5.5CVSS6.2AI score0.00161EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/06/25 9:36 a.m.•7 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/25 9:36 a.m.•8 views

libxslt: Processing web content may disclose sensitive information

A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling...

6.5CVSS6.6AI score0.01092EPSS
Exploits0References15
RedHat Linux
RedHat Linux
•added 2026/06/25 9:36 a.m.•6 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/25 9:36 a.m.•7 views

Moderate: Red Hat Security Advisory: libxslt security update

An update for libxslt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.5CVSS6.1AI score0.01092EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/06/25 9:34 a.m.•7 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS6.1AI score0.00292EPSS
Exploits2References6
RedHat Linux
RedHat Linux
•added 2026/06/25 9:34 a.m.•8 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.3CVSS6.3AI score0.00292EPSS
Exploits2References2
RedHat Linux
RedHat Linux
•added 2026/06/25 9:3 a.m.•10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 packages and security update

Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

10CVSS6.9AI score0.01945EPSS
Exploits3References6
RedHat Linux
RedHat Linux
•added 2026/06/25 9:3 a.m.•4 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.2AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
•added 2026/06/25 9:3 a.m.•4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 9:3 a.m.•4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 9:3 a.m.•5 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.7AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
•added 2026/06/25 9:3 a.m.•4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/25 8:42 a.m.•4 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References6
Total number of security vulnerabilities114793