Lucene search
K
RedhatRecent

117420 matches found

RedHat Linux
RedHat Linux
•added 2026/04/27 2:11 a.m.•15 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 2:11 a.m.•12 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/27 2:8 a.m.•6 views

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5CVSS8.1AI score0.01069EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:8 a.m.•9 views

Important: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5CVSS8.1AI score0.01069EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/27 2:7 a.m.•10 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.1CVSS6AI score0.00579EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/27 2:7 a.m.•8 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS5AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 2:7 a.m.•19 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•9 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

8.8CVSS5.2AI score0.00423EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•8 views

webkitgtk: A malicious website may be able to process restricted web content outside the sandbox

A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...

8.8CVSS5.1AI score0.00636EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•7 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.7AI score0.00961EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•7 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management...

8.8CVSS7.5AI score0.00229EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•16 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.5AI score0.00295EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•9 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management...

6.5CVSS5.1AI score0.0061EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•6 views

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

5.3CVSS7.5AI score0.00222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS5.2AI score0.00572EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•8 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

4.3CVSS4.8AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•9 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS5.2AI score0.00731EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

8.8CVSS6.7AI score0.00559EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•8 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.5AI score0.00295EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•8 views

webkitgtk: A remote attacker may be able to cause a denial-of-service

A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling...

7.5CVSS7.5AI score0.00608EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•7 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS7.5AI score0.0038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•8 views

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

5.4CVSS5.8AI score0.00354EPSS
Exploits2References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•6 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.1AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•9 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.8CVSS7.1AI score0.00961EPSS
Exploits2References19
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•6 views

webkitgtk: Processing maliciously crafted web content may disclose internal states of the app

A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application...

4.3CVSS5.2AI score0.00266EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 2:0 a.m.•6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS5.2AI score0.0072EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/27 1:54 a.m.•12 views

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

9.1CVSS7.5AI score0.01557EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/27 1:54 a.m.•8 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS7.5AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/27 1:50 a.m.•10 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS7.5AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/27 1:50 a.m.•9 views

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.1CVSS7.5AI score0.01557EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/27 1:38 a.m.•7 views

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5CVSS8.1AI score0.01069EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/27 1:38 a.m.•8 views

Important: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS8.1AI score0.01069EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/27 1:38 a.m.•10 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS6AI score0.01735EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/27 1:38 a.m.•19 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 1:35 a.m.•11 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/27 1:35 a.m.•8 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8CVSS6AI score0.01735EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/27 1:29 a.m.•5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/27 1:29 a.m.•7 views

Important: Red Hat Security Advisory: yggdrasil-worker-package-manager security update

An update for yggdrasil-worker-package-manager is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/26 1:53 p.m.•13 views

Important: Red Hat Security Advisory: RHOAI 2.25.6 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.25.6 provides these changes:...

9.1CVSS7.8AI score0.01557EPSS
Exploits3References4
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•13 views

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

5.3CVSS7.4AI score0.0028EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•11 views

openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

5.3CVSS7.4AI score0.00305EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•9 views

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

5.3CVSS7.2AI score0.00141EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•12 views

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

2.9CVSS7.4AI score0.00124EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•21 views

openjdk: Enhance Zip file reading (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...

3.7CVSS7.3AI score0.00269EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•12 views

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

7.5CVSS7.3AI score0.00635EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•19 views

Important: Red Hat Security Advisory: java-21-openjdk security update

An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Enterprise Linux 9.6 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as...

7.5CVSS5.4AI score0.00702EPSS
Exploits0References1
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•14 views

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/24 11:24 a.m.•13 views

openjdk: Enhance key generation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

2.9CVSS7.4AI score0.00122EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/24 11:22 a.m.•12 views

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update...

7.5CVSS5.4AI score0.00702EPSS
Exploits0References1
RedHat Linux
RedHat Linux
•added 2026/04/24 11:22 a.m.•11 views

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

5.3CVSS7.4AI score0.0028EPSS
Exploits0References5
Total number of security vulnerabilities117420