Lucene search
K
RedhatRecent

114931 matches found

RedHat Linux
RedHat Linux
•added 2026/06/03 1:57 p.m.•20 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

9.8CVSS5.8AI score0.01945EPSS
Exploits2References7
RedHat Linux
RedHat Linux
•added 2026/06/03 1:52 p.m.•9 views

firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component...

9.6CVSS5.8AI score0.00258EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 1:52 p.m.•10 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

7.5CVSS5.9AI score0.00375EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 1:52 p.m.•11 views

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

7.5CVSS5.7AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 1:52 p.m.•12 views

firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

8.8CVSS5.9AI score0.00316EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 1:52 p.m.•14 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

9.6CVSS5.8AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/03 1:49 p.m.•32 views

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/06/03 1:49 p.m.•10 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/03 1:17 p.m.•21 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

9.8CVSS6.8AI score0.01557EPSS
Exploits3References6
RedHat Linux
RedHat Linux
•added 2026/06/03 1:2 p.m.•18 views

Important: Red Hat Security Advisory: Red Hat Quay 3.10.22

Red Hat Quay 3.10.22 is now available with bug fixes. Quay 3.10.22...

10CVSS7.1AI score0.01186EPSS
Exploits8References20
RedHat Linux
RedHat Linux
•added 2026/06/03 12:58 p.m.•20 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

9.8CVSS7.6AI score0.01735EPSS
Exploits3References9
RedHat Linux
RedHat Linux
•added 2026/06/03 12:10 p.m.•10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21 CNF vRAN extras topology aware lifecycle manager update

An update for topology-aware-lifecycle manager is available for Red Hat OpenShift Container Platform 4.21. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the...

9.1CVSS7.3AI score0.01557EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/03 12:9 p.m.•19 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 security and extras update

Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...

9.1CVSS7.3AI score0.01557EPSS
Exploits1References3
RedHat Linux
RedHat Linux
•added 2026/06/03 11:39 a.m.•18 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/06/03 11:39 a.m.•16 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 10:53 a.m.•10 views

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/03 10:53 a.m.•16 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/06/03 10:4 a.m.•12 views

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/03 10:4 a.m.•11 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/06/03 9:30 a.m.•12 views

Moderate: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/06/03 9:30 a.m.•26 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•13 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•11 views

github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server

A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...

7.5CVSS6.3AI score0.00494EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•11 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7.1AI score0.00606EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•10 views

No title provided

No description is available for this CVE...

7.3AI score0.00086EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•11 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.9AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•14 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•12 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•18 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•18 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•19 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 8:19 a.m.•18 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

10CVSS6.9AI score0.01945EPSS
Exploits3References14
RedHat Linux
RedHat Linux
•added 2026/06/03 7:51 a.m.•10 views

firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component...

9.6CVSS5.8AI score0.00258EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 7:51 a.m.•9 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

7.5CVSS6.1AI score0.00375EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 7:51 a.m.•11 views

firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

8.8CVSS6.1AI score0.00316EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 7:51 a.m.•10 views

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

7.5CVSS5.7AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/03 7:51 a.m.•16 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

9.6CVSS6AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/03 7:49 a.m.•15 views

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/06/03 7:49 a.m.•17 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 7:49 a.m.•8 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 7:49 a.m.•13 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 7:49 a.m.•6 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.2AI score0.00349EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 7:43 a.m.•14 views

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/06/03 7:43 a.m.•9 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/03 7:32 a.m.•9 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 7:32 a.m.•9 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 7:32 a.m.•17 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/06/03 7:32 a.m.•11 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/03 7:15 a.m.•11 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References5
Total number of security vulnerabilities114931