Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Red Hat Enterprise Linux 8

Source -

ADPCNA

CNA CVEs -

767

ADP CVEs -

664

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1377Vulnerabilities found

CVE-2026-16118
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.44%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:44
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c

A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5674
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 2.22%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 13:26
Updated-16 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-48863
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.83%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 00:46
Updated-18 Jul, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.

Action-Not Available
Vendor-Red Hat, Inc.openSUSE
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7libsolvRed Hat Enterprise Linux 8Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat Satellite 6Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat Satellite 6Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-3842
Assigner-Fedora Project
ShareView Details
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-0.12% / 1.98%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 00:20
Updated-16 Jul, 2026 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host oob write

A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-15779
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 1.23%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 12:33
Updated-15 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation

A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-15714
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 31.33%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:50
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: soupmultipartinputstream: libsoup: out-of-bounds read in soup_multipart_input_stream_read_headers via an oversized multipart boundary string

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-15713
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.35% / 27.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:45
Updated-15 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: soupcache: libsoup: http/2 frame window exhaustion remote denial of service via memory leak

A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated attacker acting as a malicious network peer can trick the connection engine into allocating stream states that are subsequently leaked during cleanup. Over a sustained period, this flaw allows the remote attacker to consume the system's heap allocations incrementally, triggering a denial of service (DoS) through an ultimate Out-of-Memory (OOM) application crash.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2026-15711
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.90%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:45
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: soupwebsocketconnection: libsoup: websocket remote denial of service via oversized control frame protocol violation

A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE) contain a payload of 125 bytes or less. A remote, unauthenticated attacker can exploit this by sending a non-compliant, oversized control frame. Because the parser handles this protocol violation improperly instead of throwing an immediate connection termination error, it triggers a internal processing crash, resulting in a remote denial of service (DoS) for applications utilizing libsoup WebSockets.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-15709
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.55% / 42.25%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:41
Updated-15 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soupwebsocketextensiondeflate: libsoup: libsoup: websocket permessage-deflate unbounded decompression remote denial of service

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via max_incoming_payload_size, it fails to track or limit memory allocation during decompression. A separate check for decompressed size (max_total_message_size) exists but executes only after inflation is complete, and it is entirely disabled by default for client connections. A remote, unauthenticated attacker can exploit this by sending a small, highly compressed payload (a decompression bomb), causing unbounded memory allocation that triggers an Out-of-Memory (OOM) crash and a Denial of Service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2026-15028
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.9||LOW
EPSS-0.20% / 10.37%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 09:55
Updated-15 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-59692
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.07%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 09:35
Updated-09 Jul, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gstreamer: gstreamer: dtls certificate subject dn stack buffer overflow in openssl_verify_callback

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-59691
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.25% / 15.98%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 09:34
Updated-09 Jul, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gstreamer: gstreamer: rfbsrc/librfb hextile heap out-of-bounds write with 16bpp framebuffer

A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit pixels. This type mismatch causes an out-of-bounds heap write that can lead to denial of service (process crash) and potential memory corruption.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-15041
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.30% / 21.94%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 10:15
Updated-08 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Directory Server 13Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Enterprise Linux 10
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2026-14969
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.08% / 0.16%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 15:48
Updated-09 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.

Action-Not Available
Vendor-Red Hat, Inc.
Product-389_directory_serverdirectory_serverenterprise_linuxRed Hat Enterprise Linux 9Red Hat Directory Server 13Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Enterprise Linux 10
CWE ID-CWE-329
Generation of Predictable IV with CBC Mode
CVE-2026-14935
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.15% / 4.66%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 15:37
Updated-07 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gstreamer: gstreamer: webrtcbin accepts remote sdp without a=fingerprint due to inverted presence check

A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2026-14940
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 21.31%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 13:54
Updated-09 Jul, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-389_directory_serverdirectory_serverenterprise_linuxRed Hat Enterprise Linux 9Red Hat Directory Server 13Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Enterprise Linux 10
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-11610
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.63% / 46.02%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 09:17
Updated-08 Jul, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow in schema.c only.

Action-Not Available
Vendor-389dsRed Hat, Inc.
Product-Red Hat Directory Server 13Red Hat Directory Server 12.4 E4S for RHEL 9Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Directory Server 11.9 for RHEL 8Red Hat Directory Server 11.7 E4S for RHEL 8Red Hat Directory Server 12Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Directory Server 12.2 E4S for RHEL 9389-ds-baseRed Hat Directory Server 13.2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-14476
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.50% / 39.58%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 09:12
Updated-07 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sssd: sssd: gpo cache path traversal via unsanitized gpcfilesyspath allows kerberos authentication bypass

A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-14474
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.35% / 27.06%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 09:12
Updated-07 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sssd: sssd: sudo ldap provider searches entire directory tree for sudorole objects by default, enabling privilege escalation

A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2026-58384
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.22% / 12.40%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 07:44
Updated-16 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: gimp: integer overflow in read_rle_channel()

A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.GIMP
Product-enterprise_linuxgimpRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-59089
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.91%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 19:38
Updated-10 Jul, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: gimp: denial of service via integer overflow in playstation tim loader

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.GIMP
Product-enterprise_linuxgimpRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-58380
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.22% / 12.06%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 13:58
Updated-16 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.GIMP
Product-enterprise_linuxgimpRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-193
Off-by-one Error
CVE-2026-58379
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.23% / 14.10%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 18:29
Updated-13 Jul, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: gimp: heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-14612
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.14% / 3.94%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 15:11
Updated-07 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be able to trigger ipa-otpd to write or read one byte past the end of a fixed-size buffer. Exploitation requires FreeIPA to be configured with an external IdP, attacker control or MITM of that IdP, and a user to initiate the OAuth2 device authorization flow. The most likely impact is limited denial of service affecting the ipa-otpd daemon.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-14544
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.62%
||
7 Day CHG+0.11%
Published-03 Jul, 2026 | 07:26
Updated-16 Jul, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hplip: incomplete fix for cve-2026-8631

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-58381
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 2.00%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 19:45
Updated-07 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: gimp: double-free in read_layer_block()

A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-415
Double Free
CVE-2026-14330
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.03%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:09
Updated-01 Jul, 2026 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pipewire: pulse server alloca stack overflow

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-14324
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 7.14%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:09
Updated-01 Jul, 2026 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pipewire: raop rtsp null deref

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-58016
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.60%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 13:02
Updated-01 Jul, 2026 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-58015
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.42% / 33.91%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 13:02
Updated-02 Jul, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7GLibRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-58014
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.29% / 21.20%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-01 Jul, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-193
Off-by-one Error
CVE-2026-58013
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 25.07%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-58012
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.35%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-58011
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.61%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-58010
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.35%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-12610
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.15% / 5.04%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 08:27
Updated-30 Jun, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sssd: use-after-free crash in sssd' 'sssd_pam' process

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.
Product-sssdenterprise_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-14164
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.29%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 06:29
Updated-30 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-415
Double Free
CVE-2026-13757
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.14% / 3.52%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 18:44
Updated-13 Jul, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.

Action-Not Available
Vendor-p11-kit_projectRed Hat, Inc.
Product-hardened_imagesenterprise_linuxopenshift_container_platformp11-kitRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-12912
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.23% / 13.97%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 16:31
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-54371
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.14% / 3.41%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 12:39
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files by substituting a symlink, leading to local privilege escalation when getfattr or setfattr is invoked by a privileged process over an attacker-controlled path.

Action-Not Available
Vendor-attr projectRed Hat, Inc.
Product-attrRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-54369
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.14% / 3.95%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 12:37
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.

Action-Not Available
Vendor-acl projectRed Hat, Inc.
Product-aclRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-13601
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.12% / 2.18%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 09:20
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Project
Product-yelpenterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-13595
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 1.62%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 08:06
Updated-08 Jul, 2026 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Util-linux: util-linux: heap use-after-free in libblkid nested partition probing

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-hardened_imagesutil-linuxopenshift_container_platformenterprise_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-416
Use After Free
CVE-2026-57966
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.14% / 3.37%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 07:53
Updated-08 Jul, 2026 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation.

Action-Not Available
Vendor-spice-spaceRed Hat, Inc.
Product-spice-vdagententerprise_linuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-57965
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.12% / 2.02%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 07:53
Updated-08 Jul, 2026 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.

Action-Not Available
Vendor-spice-spaceRed Hat, Inc.
Product-spice-vdagententerprise_linuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-53322
Assigner-kernel.org
ShareView Details
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.18% / 7.99%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 19:41
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vfio/pci: Clean up DMABUFs before disabling function

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before the function is disabled via vfio_pci_core_disable(). This ensures that all access via DMABUFs is revoked before the function's BARs become inaccessible. This fixes an issue where, if the function is disabled first, a tiny window exists in which the function's MSE is cleared and yet BARs could still be accessed via the DMABUF. The resources would also be freed and up for grabs by a different driver.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelLinuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-415
Double Free
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2026-53281
Assigner-kernel.org
ShareView Details
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.13% / 2.97%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 19:40
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iommu/vt-d: Avoid NULL pointer dereference or refcount corruption

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d ("iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE") fixed a NULL pointer dereference in an unlikely situation partly. If dev_pasid is not found in the dev_pasids list, it remains NULL. However, the teardown operations are executed unconditionally, this lead to a NULL pointer dereference or refcount corruption. If the domain was never attached to this IOMMU, info will be NULL, which would cause an immediate dereference when checking --info->refcnt. Even if info is not NULL, decrementing the refcount without having removed a valid PASID might unbalance the count. This could lead to premature dropping of the refcount to 0, potentially causing a use-after-free for the remaining active devices sharing the domain. Fix it by returning early if dev_pasid is NULL, before executing the teardown operations. Issue found by AI review and suggested by Kevin Tian. https://sashiko.dev/#/patchset/20260421031347.1408890-1-zhenzhong.duan%40intel.com

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelLinuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-48618
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.7||HIGH
EPSS-2.49% / 82.82%
||
7 Day CHG+1.81%
Published-26 Jun, 2026 | 01:14
Updated-16 Jul, 2026 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Action-Not Available
Vendor-Red Hat, Inc.Node.js (OpenJS Foundation)
Product-node.jsnodeRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened Images
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CVE-2026-48933
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.81% / 84.91%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 01:14
Updated-16 Jul, 2026 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Action-Not Available
Vendor-Red Hat, Inc.Node.js (OpenJS Foundation)
Product-node.jsnodeRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened Images
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-53277
Assigner-kernel.org
ShareView Details
Assigner-kernel.org
CVSS Score-8.8||HIGH
EPSS-0.11% / 1.80%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 08:40
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While this is generally the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the respective walkers without taking kvm->srcu. Fix by acquiring kvm->srcu prior to the table walk in both instances.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelLinuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-662
Improper Synchronization
CWE ID-CWE-820
Missing Synchronization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 27
  • 28
  • Next