Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Subscriptions
Total 15786 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-28368 1 Redhat 17 Apache Camel Hawtio, Build Of Apache Camel - Hawtio, Build Of Apache Camel For Spring Boot and 14 more 2026-06-10 8.7 High
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.
CVE-2026-28367 1 Redhat 17 Apache Camel Hawtio, Build Of Apache Camel - Hawtio, Build Of Apache Camel For Spring Boot and 14 more 2026-06-10 8.7 High
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.
CVE-2026-45591 2 Microsoft, Redhat 5 .net, Asp.net Core, Visual Studio 2026 and 2 more 2026-06-10 7.5 High
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-45491 2 Microsoft, Redhat 3 .net, Enterprise Linux, Hummingbird 2026-06-10 6.2 Medium
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
CVE-2026-5121 2 Libarchive, Redhat 17 Libarchive, Ai Inference Server, Discovery and 14 more 2026-06-10 7.5 High
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
CVE-2026-5201 2 Gnome, Redhat 12 Gdk-pixbuf, Ai Inference Server, Enterprise Linux and 9 more 2026-06-10 7.5 High
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
CVE-2026-4424 2 Libarchive, Redhat 21 Libarchive, Ai Inference Server, Discovery and 18 more 2026-06-10 7.5 High
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
CVE-2026-4111 1 Redhat 11 Ai Inference Server, Discovery, Enterprise Linux and 8 more 2026-06-10 7.5 High
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
CVE-2023-52356 2 Libtiff, Redhat 6 Libtiff, Ai Inference Server, Discovery and 3 more 2026-06-10 7.5 High
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
CVE-2026-11837 1 Redhat 3 Enterprise Linux, Openstack, Openstack Platform 2026-06-10 7.3 High
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.
CVE-2026-11792 1 Redhat 3 Directory Server, Enterprise Linux, Redhat Directory Server 2026-06-09 3.3 Low
A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged (requiring non-default CLEAR password storage or a compromised replication peer), the copy overflows the buffer, corrupting heap memory and audit log output.
CVE-2024-43485 4 Apple, Linux, Microsoft and 1 more 12 Macos, Linux Kernel, .net and 9 more 2026-06-09 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43484 4 Apple, Linux, Microsoft and 1 more 28 Macos, Linux Kernel, .net and 25 more 2026-06-09 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-43483 4 Apple, Linux, Microsoft and 1 more 28 Macos, Linux Kernel, .net and 25 more 2026-06-09 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-38229 4 Apple, Linux, Microsoft and 1 more 7 Macos, Linux Kernel, .net and 4 more 2026-06-09 8.1 High
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2026-5119 2 Gnome, Redhat 9 Libsoup, Enterprise Linux, Enterprise Linux Eus and 6 more 2026-06-09 5.9 Medium
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
CVE-2026-3238 2 Redhat, Samba 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more 2026-06-09 7.5 High
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.
CVE-2026-50265 1 Redhat 1 Enterprise Linux 2026-06-08 7.0 High
This CVE ID was assigned as a duplicate of CVE-2026-50292
CVE-2026-34002 2 Redhat, X.org 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more 2026-06-08 6.1 Medium
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
CVE-2026-34000 2 Redhat, X.org 10 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 7 more 2026-06-08 6.1 Medium
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.