mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

mysql: JSON unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

mysql: DML unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access v...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with...

Moderate: Red Hat Security Advisory: mysql8.4 security update

An update for mysql8.4 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with...

mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

Moderate: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

glibc: glibc: Denial of Service via iconv() function with specific character sets

A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the iconv function. This could lead to an assertion failure, causing the application to crash and resulting in a...

rsync: Rsync: Out of bounds array access via negative index

An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.17 bug fix and security update

Red Hat OpenShift Container Platform release 4.21.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...

gimp: GIMP: Remote Code Execution via malicious JP2 file parsing

A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...

gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

GIMP: GIMP: Arbitrary code execution via specially crafted PSD file

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

Important: Red Hat Security Advisory: gimp security update

An update for gimp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.17 security and extras update

Red Hat OpenShift Container Platform release 4.21.17 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection

A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...

Important: Red Hat Security Advisory: ruby:4.0 security update

An update for the ruby:4.0 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: python-markdown security update

An update for python-markdown is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

Important: Red Hat Security Advisory: python-markdown security update

An update for python-markdown is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

Important: Red Hat Security Advisory: python-markdown security update

An update for python-markdown is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin

No description is available for this CVE...