Lucene search
K
RedhatRecent

114931 matches found

RedHat Linux
RedHat Linux
•added 2026/06/01 10:12 p.m.•20 views

Important: Red Hat Security Advisory: Multicluster Global Hub 1.4.5 security update

Multicluster Global Hub v1.4.5 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1CVSS7.5AI score0.08123EPSS
Exploits5References36
RedHat Linux
RedHat Linux
•added 2026/06/01 9:8 p.m.•12 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS7.1AI score0.00341EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 9:8 p.m.•12 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS7.1AI score0.00269EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/06/01 9:8 p.m.•13 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

8.2CVSS7.2AI score0.00341EPSS
Exploits1References3
RedHat Linux
RedHat Linux
•added 2026/06/01 6:51 p.m.•10 views

openssh: potential command injection via shell metacharacters

A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters...

6.5CVSS6AI score0.19753EPSS
Exploits8References4
RedHat Linux
RedHat Linux
•added 2026/06/01 6:51 p.m.•13 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00237EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/06/01 6:51 p.m.•14 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/06/01 6:51 p.m.•20 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1CVSS5.9AI score0.00176EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/06/01 6:51 p.m.•12 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/06/01 6:51 p.m.•12 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/06/01 6:51 p.m.•13 views

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

8.1CVSS6.1AI score0.19753EPSS
Exploits8References7
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•16 views

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

7.5CVSS7.3AI score0.00635EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•14 views

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

5.3CVSS7.4AI score0.0028EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•13 views

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

2.9CVSS7.4AI score0.00124EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•13 views

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•16 views

Eclipse Open9J: Denial of Service in JITServer via crafted TCP message

A flaw was found in Eclipse Open9J and JITServer. A remote attacker, without needing to authenticate, can send a specially crafted 32-byte TCP message to JITServer. This action can cause JITServer to crash, leading to a Denial of Service DoS for affected systems...

8.7CVSS5.8AI score0.00517EPSS
Exploits1References6
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•15 views

openjdk: Enhance key generation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

2.9CVSS7.4AI score0.00122EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•11 views

openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

5.3CVSS7.4AI score0.00305EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•20 views

Important: Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk security update

An update for java-21-ibm-semeru-certified-jdk is now available for Red Hat Enterprise Linux 10.0 Extended Update Support, Red Hat Enterprise Linux 10, and Red Hat Enterprise Linux 10.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Importan...

8.7CVSS7.2AI score0.00702EPSS
Exploits1References9
RedHat Linux
RedHat Linux
•added 2026/06/01 5:56 p.m.•14 views

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

5.3CVSS7.2AI score0.00141EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/01 4:13 p.m.•15 views

rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS7.3AI score0.00262EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/06/01 4:13 p.m.•23 views

Moderate: Red Hat Security Advisory: Satellite 6.19.1 Async Update

A new release is now available for Red Hat Satellite 6.19 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References9
RedHat Linux
RedHat Linux
•added 2026/06/01 4:13 p.m.•19 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•18 views

firefox: thunderbird: Privilege escalation in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the DOM: Workers component...

8.8CVSS5.7AI score0.00386EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•19 views

firefox: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

8.1CVSS5.7AI score0.00372EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•20 views

firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component...

7.5CVSS5.7AI score0.00413EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•21 views

firefox: Spoofing issue in the Form Autofill component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Form Autofill component...

6.5CVSS5.7AI score0.00322EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•18 views

firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript Engine: JIT component...

6.5CVSS5.7AI score0.00244EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•23 views

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

8.8CVSS5.9AI score0.00332EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•21 views

firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...

8.6CVSS5.7AI score0.00344EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•19 views

firefox: Privilege escalation in the Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Security component...

8.8CVSS5.7AI score0.00307EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•17 views

firefox: Privilege escalation in the Enterprise Policies component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...

8.8CVSS5.7AI score0.00386EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•20 views

firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Bindings WebIDL component...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•22 views

firefox: thunderbird: Sandbox escape in the Profile Backup component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Profile Backup component...

9.8CVSS5.7AI score0.00313EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•21 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References20
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•21 views

firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

8.8CVSS5.9AI score0.00429EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•19 views

firefox: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

9.6CVSS5.7AI score0.00532EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•19 views

firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Audio/Video component...

7.5CVSS5.8AI score0.00425EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•19 views

firefox: Same-origin policy bypass in the Networking: HTTP component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...

9.3CVSS5.7AI score0.00194EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•12 views

firefox: thunderbird: Other issue in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the JavaScript Engine component...

5.3CVSS5.7AI score0.00298EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•19 views

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component...

9.6CVSS5.7AI score0.00417EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•20 views

firefox: Integer overflow in the Networking: JAR component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Networking: JAR component...

9.8CVSS5.8AI score0.00605EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:41 p.m.•18 views

firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Audio/Video: Web Codecs component...

7.5CVSS5.7AI score0.0056EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:38 p.m.•22 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

7.5CVSS6.1AI score0.00375EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:38 p.m.•17 views

firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

8.8CVSS6.1AI score0.00316EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:38 p.m.•15 views

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

7.5CVSS5.7AI score0.00323EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:38 p.m.•21 views

firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component...

9.6CVSS5.7AI score0.00258EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/06/01 3:38 p.m.•18 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.6CVSS6AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/06/01 3:10 p.m.•22 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/06/01 3:10 p.m.•16 views

Moderate: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
Total number of security vulnerabilities114931