Lucene search
K
RedhatRecent

114833 matches found

RedHat Linux
RedHat Linux
added 2026/06/04 6:29 p.m.9 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 6:29 p.m.11 views

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

10CVSS6.4AI score0.0168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/04 5:0 p.m.16 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.91 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.91 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

8.8CVSS6AI score0.93235EPSS
Exploits47References7
RedHat Linux
RedHat Linux
added 2026/06/04 4:34 p.m.16 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.67 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.67 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

9.8CVSS6AI score0.03663EPSS
Exploits18References7
RedHat Linux
RedHat Linux
added 2026/06/04 4:16 p.m.17 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.91 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.91 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.9 views

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.10 views

php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

A flaw was found in PHP. When an attacker input can influence the encoding passed to mbregexencoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.9 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS5.7AI score0.00337EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.9 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.11 views

Important: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.8CVSS5.9AI score0.0078EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.9 views

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 4:14 p.m.17 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.67 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.67 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

10CVSS7.2AI score0.01945EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2026/06/04 4:2 p.m.28 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2026/06/04 4:2 p.m.55 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for NVIDIA for RHEL 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.8 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.15 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.8CVSS5.8AI score0.00378EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.6 views

kernel: netfilter: flowtable: strictly check for maximum number of actions

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...

7.8CVSS5.8AI score0.00141EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.33 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.7AI score0.00165EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.6 views

kernel: Bluetooth: hci_sync: Fix UAF in le_read_features_complete

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.40 views

kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

7.8CVSS5.8AI score0.00153EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.7 views

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.7 views

kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1CVSS5.8AI score0.00378EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.7 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.4AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.15 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

9.8CVSS6.3AI score0.00563EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.10 views

kernel: ipv6: use RCU in ip6_xmit()

A use-after-free flaw was found in ip6autoflowlabel in the Linux kernel's net/ipv6/ip6output.c code. In this flaw an attacker can cause a denial of service DoS attack...

5.8AI score0.00178EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.10 views

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

5.9AI score0.0017EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.15 views

kernel: ipv6: use RCU in ip6_output()

A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...

5.8AI score0.00193EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.11 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.8 views

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:52 p.m.7 views

kernel: nvme: avoid double free special payload

In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQFSPECIALLOAD when the request is cleaned...

7.8CVSS6.3AI score0.00248EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 3:44 p.m.9 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.91 security and extras update

Red Hat OpenShift Container Platform release 4.12.91 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...

9.1CVSS7.2AI score0.01557EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/04 3:27 p.m.9 views

bind: BIND: Denial of Service via specially crafted DNS messages

A flaw was found in the bind component, specifically within the named daemon. This vulnerability allows a remote attacker to send specially crafted Domain Name System DNS messages. These messages, which use unusual classes or meta-classes, can trigger assertion failures in the named daemon when...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/04 3:27 p.m.8 views

bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation

A flaw was found in BIND. A remote attacker can exploit this vulnerability by sending maliciously-constructed packets to BIND servers configured for TKEY-based authentication via GSS-API Generic Security Service Application Program Interface tokens. This can lead to excessive memory consumption,...

7.5CVSS5.8AI score0.01047EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/04 3:27 p.m.11 views

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.7 views

mysql: DML unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.13 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.7 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.7 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS5.8AI score0.00242EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.5 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

4.9CVSS5.8AI score0.00242EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.9 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

4.9CVSS5.8AI score0.00242EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.8 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.9 views

mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.6 views

mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.10 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.10 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS5.8AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.6 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS5.8AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.10 views

Moderate: Red Hat Security Advisory: mysql security update

An update for mysql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.5CVSS5.9AI score0.00323EPSS
Exploits0References25
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.7 views

mysql: DML unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access v...

4.9CVSS5.8AI score0.00242EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.7 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

4.9CVSS5.8AI score0.00242EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.8 views

mysql: JSON unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References6
Total number of security vulnerabilities114833