Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-59692

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-09 Jul, 2026 | 09:35
Updated At-09 Jul, 2026 | 14:39
Rejected At-
Credits

Gstreamer: gstreamer: dtls certificate subject dn stack buffer overflow in openssl_verify_callback

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:09 Jul, 2026 | 09:35
Updated At:09 Jul, 2026 | 14:39
Rejected At:
â–¼CVE Numbering Authority (CNA)
Gstreamer: gstreamer: dtls certificate subject dn stack buffer overflow in openssl_verify_callback

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gstreamer1-plugins-bad-free
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gstreamer-plugins-bad-free
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gstreamer1-plugins-bad-free
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gstreamer-plugins-bad-free
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gstreamer1-plugins-bad-free
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gstreamer1-plugins-bad-free
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-121Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

There is no complete mitigation for this vulnerability. The following measures can reduce risk: 1. If WebRTC/DTLS functionality is not required, remove the DTLS plugin shared object from the GStreamer plugins directory (typically /usr/lib64/gstreamer-1.0/libgstdtls.so). 2. Restrict network access to WebRTC/DTLS endpoints to trusted peers only via firewall rules. 3. Deploy GStreamer WebRTC services behind a reverse proxy or media server that validates DTLS certificates before forwarding.

Exploits

Credits

Red Hat would like to thank Clouditera Security (Clouditera), NSFOCUS (NSFOCUS), and Z.ai Security (Z.ai) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-07-06 00:00:00
Made public.2026-07-08 00:00:00
Event: Reported to Red Hat.
Date: 2026-07-06 00:00:00
Event: Made public.
Date: 2026-07-08 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-59692
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2497344
issue-tracking
x_refsource_REDHAT
https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/99
N/A
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5172
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-59692
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2497344
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/99
Resource: N/A
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5172
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:09 Jul, 2026 | 11:16
Updated At:09 Jul, 2026 | 16:39

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-121Secondarysecalert@redhat.com
CWE ID: CWE-121
Type: Secondary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-59692secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2497344secalert@redhat.com
N/A
https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/99secalert@redhat.com
N/A
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5172secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-59692
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2497344
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/99
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5172
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

678Records found

CVE-2026-48863
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.83%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 00:46
Updated-18 Jul, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.

Action-Not Available
Vendor-Red Hat, Inc.openSUSE
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7libsolvRed Hat Enterprise Linux 8Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat Satellite 6Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat Satellite 6Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2010-3872
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.69%
||
7 Day CHG~0.00%
Published-20 Nov, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

Action-Not Available
Vendor-n/aFedora ProjectThe Apache Software FoundationRed Hat, Inc.
Product-mod_fcgidmod_fcgidRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-40170
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.69%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 21:34
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.

Action-Not Available
Vendor-tatsuhiro-tngtcp2Red Hat, Inc.
Product-ngtcp2ngtcp2Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-32203
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.37%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft CorporationRed Hat, Inc.Apple Inc.Linux Kernel Organization, Inc
Product-visual_studio_2026visual_studio_2022macos.netlinux_kernelwindows.NET 9.0.NET 10.0Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.14.NET 8.0Microsoft Visual Studio 2026 version 18.4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened Images
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5971
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.72% / 84.36%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 20:51
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Data Grid 8Red Hat build of QuarkusRed Hat Single Sign-On 7Red Hat Integration Camel K 1Red Hat build of Apache Camel 4.4.2 for Spring BootRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat build of Apache Camel - HawtIO 4Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 7Red Hat Process Automation 7Red Hat JBoss Data Grid 7Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 8Red Hat Build of KeycloakRed Hat build of Apache Camel 3.20.7 for Spring BootRed Hat build of Apache Camel 4.4.1 for Spring Boot 3.2Red Hat build of Apache Camel for Spring Boot 3
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-8177
Matching Score-8
Assigner-CPAN Security Group
ShareView Details
Matching Score-8
Assigner-CPAN Security Group
CVSS Score-7.5||HIGH
EPSS-0.63% / 46.12%
||
7 Day CHG+0.10%
Published-10 May, 2026 | 20:48
Updated-15 Jul, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.

Action-Not Available
Vendor-SHLOMIFRed Hat, Inc.
Product-XML::LibXMLRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-6356
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 70.39%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 21:04
Updated-06 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_build_iovec

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxenterprise_linux_euscodeready_linux_builder_for_arm64_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_arm_64_eusvirtualization_hostenterprise_linux_server_ausdebian_linuxcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_tuslinux_kernelenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timeRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-34966
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-62.02% / 99.08%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 14:56
Updated-20 Nov, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: infinite loop in mdssvc rpc service for spotlight

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectDebian GNU/LinuxSamba
Product-sambadebian_linuxfedoraenterprise_linuxRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Storage 3Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-10704
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.45% / 87.70%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 00:00
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Action-Not Available
Vendor-Debian GNU/LinuxopenSUSESambaFedora ProjectRed Hat, Inc.
Product-sambadebian_linuxfedoraleapsamba
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2023-3223
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.04% / 79.02%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 13:54
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: outofmemoryerror due to @multipartconfig handling

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onopenshift_container_platformenterprise_linuxundertowopenshift_container_platform_for_powerjboss_enterprise_application_platformjboss_enterprise_application_platform_text-only_advisoriesopenshift_container_platform_for_ibm_linuxoneRed Hat Single Sign-On 7.6 for RHEL 7Red Hat support for Spring BootRed Hat Process Automation 7Red Hat Single Sign-On 7.6 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.1.0Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat Single Sign-On 7.6.5Red Hat Data Grid 8Red Hat JBoss Data Grid 7RHEL-8 based Middleware ContainersRed Hat OpenStack Platform 13 (Queens) Operational ToolsRed Hat Integration Service RegistryRed Hat Integration Camel KRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat Decision Manager 7Red Hat Single Sign-On 7.6 for RHEL 8Red Hat JBoss Fuse 6Red Hat build of QuarkusRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Fuse 7.12.1
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2023-32247
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.87% / 89.03%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Aug, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session setup memory exhaustion denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410sh300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-3171
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.85% / 54.10%
||
7 Day CHG~0.00%
Published-27 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eap-7: heap exhaustion via deserialization

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformenterprise_linuxRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7EAP 7.4.13Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-5685
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.48% / 87.79%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 18:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xnio: stackoverflowexception when the chain of notifier states becomes problematically big

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7Red Hat JBoss Fuse Service Works 6Red Hat Integration Camel K 1Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apache Camel 4.4.0 for Spring BootRed Hat JBoss Enterprise Application Platform 7Red Hat Process Automation 7Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat Build of KeycloakRed Hat JBoss Data Grid 7Red Hat JBoss Enterprise Application Platform 8Red Hat build of Apache Camel for Spring Boot 3
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-54365
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.57% / 43.22%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:12
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability.

Action-Not Available
Vendor-traefikTraefikRed Hat, Inc.Go
Product-traefikopenshift_aigoTraefikRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Dev Spaces
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-49795
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 38.02%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 15:19
Updated-07 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml: null pointer dereference leads to denial of service (dos)

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.Siemens AG
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat JBoss Core Services 2.4.62.SP2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10libxml2Red Hat Hardened ImagesRUGGEDCOM RST2428P
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2019-3883
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-8.43% / 94.38%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 00:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Fedora Project
Product-debian_linux389_directory_serverenterprise_linux389-ds-base
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-4948
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.29%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 15:55
Updated-30 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup

A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2025-48431
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.08% / 61.33%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 09:11
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-thriftApache ThriftOpenShift Service Mesh 2Cryostat 4 on RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Advanced Cluster Management for Kubernetes 2.16Red Hat AI Inference ServerRed Hat Ceph Storage 5Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Advanced Cluster Management for Kubernetes 2.14Multicluster Global HubRed Hat OpenShift distributed tracing 3.10.1Red Hat OpenShift distributed tracing 3Red Hat Enterprise Linux 8Red Hat Ceph Storage 9Red Hat Ceph Storage 8Red Hat Ceph Storage 6Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-762
Mismatched Memory Management Routines
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2023-1973
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.29% / 67.07%
||
7 Day CHG~0.00%
Published-07 Nov, 2024 | 10:01
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: unrestricted request storage leads to memory exhaustion

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
CWE ID-CWE-20
Improper Input Validation
CVE-2026-46340
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.26%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 14:19
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netty: SCTP reassembly nests buffers without bound

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does `fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf))`, wrapping the previous accumulator and the new slice into a *new* CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding references and component arrays; readableBytes()/getBytes() on the final buffer recurse N levels. There is no limit on N, on total bytes, or on the number of streamIdentifiers an attacker can open (each gets its own map entry). A peer that never sets the `complete` flag can grow this structure indefinitely from tiny 1-byte DATA chunks. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Action-Not Available
Vendor-Red Hat, Inc.The Netty Project
Product-nettynettyRed Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16Red Hat Fuse 7Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-9064
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.81% / 53.00%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 09:00
Updated-15 Jul, 2026 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-389_directory_serverdirectory_serverenterprise_linuxRed Hat Directory Server 13Red Hat Directory Server 12.4 E4S for RHEL 9Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Directory Server 11.9 for RHEL 8Red Hat Directory Server 11.7 E4S for RHEL 8Red Hat Directory Server 12Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Directory Server 12.2 E4S for RHEL 9Red Hat Directory Server 13.2Red Hat Directory Server 13Red Hat Directory Server 12.4 E4S for RHEL 9Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Directory Server 11.9 for RHEL 8Red Hat Directory Server 11.7 E4S for RHEL 8Red Hat Directory Server 12Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Directory Server 12.2 E4S for RHEL 9Red Hat Directory Server 13.2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-9698
Matching Score-8
Assigner-CPAN Security Group
ShareView Details
Matching Score-8
Assigner-CPAN Security Group
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.48%
||
7 Day CHG+0.08%
Published-09 Jun, 2026 | 07:22
Updated-16 Jul, 2026 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

Action-Not Available
Vendor-perlHMBRANDRed Hat, Inc.
Product-dbiDBIRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-44673
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.72%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 20:35
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libyang: lyb_read_string() integer overflow → heap buffer overflow

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.

Action-Not Available
Vendor-CESNETRed Hat, Inc.
Product-libyangRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-52355
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.73% / 74.99%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 20:03
Updated-21 May, 2026 | 05:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

Action-Not Available
Vendor-LibTIFFRed Hat, Inc.
Product-libtiffenterprise_linuxRed Hat Enterprise Linux 8Red Hat Discovery 2Red Hat AI Inference Server 3.2Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52356
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.19% / 80.40%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 20:03
Updated-10 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Action-Not Available
Vendor-LibTIFFRed Hat, Inc.
Product-enterprise_linuxlibtiffRed Hat Enterprise Linux 7Red Hat Discovery 2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat AI Inference Server 3.2Red Hat Enterprise Linux 10Red Hat AI Inference Server 3.3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-7568
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 36.70%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 03:42
Updated-15 Jul, 2026 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Signed integer overflow in metaphone()

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.

Action-Not Available
Vendor-Red Hat, Inc.The PHP Group
Product-phpPHPRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6747
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.33%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the WebRTC component

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxThunderbirdFirefoxRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update Support
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-7307
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.60%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 10:52
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: denial of service via specially crafted saml input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.2Red Hat build of Keycloak 26.4.12Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.2.16Red Hat build of Keycloak 26.2Red Hat build of Keycloak 26.4.12Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.2.16
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2026-6746
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 44.12%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxThunderbirdFirefoxRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update Support
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-7263
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-6.3||MEDIUM
EPSS-0.35% / 27.59%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 04:43
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS attack via DOMNode::C14N()

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.

Action-Not Available
Vendor-Red Hat, Inc.The PHP Group
Product-phpPHPRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-6732
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.25%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 22:19
Updated-30 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xsd-validated document

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Action-Not Available
Vendor-Red Hat, Inc.libxml2 (XMLSoft)IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-7262
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-2.9||LOW
EPSS-0.78% / 51.83%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 04:00
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference in SOAP apache:Map decoder with missing <value>

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element.  This leads to dereferences a NULL pointer, causing a segmentation fault. This allows a remote unauthenticated attacker to crash the PHP SOAP server process, resulting in denial of service.

Action-Not Available
Vendor-Red Hat, Inc.The PHP Group
Product-phpPHPRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-6754
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.00%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxThunderbirdFirefoxRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update Support
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-6918
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.7||HIGH
EPSS-0.52% / 40.54%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 12:29
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.

Action-Not Available
Vendor-Red Hat, Inc.Eclipse Foundation AISBL
Product-openj9Eclipse OpenJ9Red Hat Enterprise Linux 10.2 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update Support
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2026-5946
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.81% / 76.19%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 13:10
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid handling of CLASS != IN

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Action-Not Available
Vendor-Red Hat, Inc.Internet Systems Consortium, Inc.
Product-bindBIND 9Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-5947
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.39% / 69.18%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 13:10
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SIG(0) validation during query flood may lead to undefined behavior

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.

Action-Not Available
Vendor-Red Hat, Inc.Internet Systems Consortium, Inc.
Product-bindBIND 9Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-416
Use After Free
CVE-2019-14888
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.14% / 79.98%
||
7 Day CHG+0.02%
Published-23 Jan, 2020 | 16:25
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.
Product-jboss_data_gridsingle_sign-onjboss_fuseactive_iq_unified_managerundertowjboss_enterprise_application_platformundertow
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-2100
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.16% / 63.58%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:01
Updated-19 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
P11-kit: null dereference via c_derivekey with specific null parameters

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

Action-Not Available
Vendor-p11-kit_projectp11-glueRed Hat, Inc.
Product-hardened_imagesenterprise_linuxp11-kitRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Cost Management Metrics Operator 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat Enterprise Linux 10Red Hat Hardened Imagesp11-kitRed Hat OpenShift Container Platform 4
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-4056
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.33%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 12:40
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: glib crash after long command line

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME ProjectMicrosoft Corporation
Product-glibwindowsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3891
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.21% / 65.11%
||
7 Day CHG~0.00%
Published-29 Apr, 2025 | 11:56
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/LinuxRed Hat, Inc.
Product-http_serverdebian_linuxenterprise_linuxRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
CWE ID-CWE-248
Uncaught Exception
CVE-2026-4891
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-6.23% / 92.74%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 16:47
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Action-Not Available
Vendor-dnsmasqRed Hat, Inc.
Product-dnsmasqRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-32913
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.79% / 52.19%
||
7 Day CHG+0.06%
Published-14 Apr, 2025 | 13:37
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-32906
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.92% / 56.17%
||
7 Day CHG+0.08%
Published-14 Apr, 2025 | 13:58
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-32908
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.48%
||
7 Day CHG+0.04%
Published-14 Apr, 2025 | 14:00
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: denial of service on libsoup through http/2 server

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-115
Misinterpretation of Input
CVE-2025-32049
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.82% / 53.20%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 13:36
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: denial of service attack to websocket server

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-58016
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.60%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 13:02
Updated-01 Jul, 2026 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-44488
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.63% / 46.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 15:37
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axios: Allocation of Resources Without Limits or Throttling in axios

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies larger than maxContentLength or maxBodyLength despite those limits being explicitly configured. This can cause resource exhaustion in server-side usage when a malicious or compromised server returns an oversized response, when an attacker can supply a large data: URL, or when an application forwards attacker-controlled request bodies through axios while relying on maxBodyLength as a boundary. This vulnerability is fixed in 0.32.0 and 1.16.0.

Action-Not Available
Vendor-axiosaxiosRed Hat, Inc.
Product-axiosaxiosRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Satellite 6.19Red Hat OpenShift Container Platform 4.21Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Quay 3.16OpenShift PipelinesRed Hat OpenShift Service Mesh 3.3Red Hat OpenShift Container Platform 4.15Red Hat Advanced Cluster Management for Kubernetes 2.14Red Hat OpenShift Service Mesh 3.2Red Hat Advanced Cluster Management for Kubernetes 2.11Red Hat OpenShift Service Mesh 2.6Red Hat 3scale API Management Platform 2Red Hat Build of Podman Desktop - Tech PreviewRed Hat Discovery 2Red Hat Developer Hub 1.10Red Hat Quay 3.10multicluster engine for Kubernetes 2.6Network Observability OperatorRed Hat OpenShift AI (RHOAI)multicluster engine for Kubernetes 2.9multicluster engine for Kubernetes 2.8Self-service automation portal 2Red Hat Trusted Profile AnalyzerRed Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Fuse 7Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Migration Toolkit for ContainersRed Hat build of Apicurio Registry 3Red Hat Quay 3.9Red Hat OpenShift Container Platform 4.14Red Hat Ansible Automation Platform 2.6Red Hat build of Apache Camel for Spring Boot 4Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Enterprise Linux AI (RHEL AI) 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat Developer Hub 1.9Red Hat OpenShift Container Platform 4.20Migration Toolkit for Applications 8Red Hat OpenShift Dev Spaces 3.29Red Hat OpenShift Container Platform 4.16Red Hat AMQ Broker 7Red Hat OpenShift Container Platform 4
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-58011
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.61%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-2586
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 40.01%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 11:33
Updated-25 Jun, 2026 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.

Action-Not Available
Vendor-Red Hat, Inc.
Product-OpenShift Lightspeed
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-5807
Matching Score-8
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-8
Assigner-HashiCorp Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.71%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 03:22
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

Action-Not Available
Vendor-Red Hat, Inc.HashiCorp, Inc.
Product-vaultVault EnterpriseVaultRed Hat Openshift Data Foundation 4Red Hat OpenShift Container Platform 4
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found