Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

openshift_container_platform

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

314
Related CVEsRelated VendorsRelated AssignersReports
314Vulnerabilities found

CVE-2026-13757
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.14% / 3.52%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 18:44
Updated-13 Jul, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.

Action-Not Available
Vendor-p11-kit_projectRed Hat, Inc.
Product-hardened_imagesenterprise_linuxopenshift_container_platformp11-kitRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-13595
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 1.62%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 08:06
Updated-08 Jul, 2026 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Util-linux: util-linux: heap use-after-free in libblkid nested partition probing

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-hardened_imagesutil-linuxopenshift_container_platformenterprise_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-416
Use After Free
CVE-2026-55653
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 15.36%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 03:36
Updated-08 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.OpenBSD
Product-opensshhardened_imagesenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-415
Double Free
CVE-2026-12725
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 32.57%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 13:55
Updated-08 Jul, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.

Action-Not Available
Vendor-thekelleysRed Hat, Inc.
Product-enterprise_linuxopenshift_container_platformdnsmasqRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-54100
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.3||HIGH
EPSS-0.18% / 7.85%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 12:46
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformwindows_machine_config_operatorRed Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-54099
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.07% / 0.12%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 12:46
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformwindows_machine_config_operatorRed Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-1784
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.15% / 4.58%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 07:22
Updated-19 Jul, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformRed Hat OpenShift Container Platform 4.2Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat OpenShift Container Platform 4.15Red Hat OpenShift Container Platform 4.14Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat OpenShift Container Platform 4.15Red Hat OpenShift Container Platform 4.14
CWE ID-CWE-15
External Control of System or Configuration Setting
CVE-2026-10533
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.23% / 13.80%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 13:19
Updated-08 Jun, 2026 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformRed Hat OpenShift Container Platform 4
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-42965
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.23% / 13.33%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 09:50
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This bypasses previous security measures for validating IP addresses.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_routeropenshift_container_platformRed Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-46579
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.24% / 14.80%
||
7 Day CHG+0.01%
Published-29 May, 2026 | 09:50
Updated-19 Jul, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_routeropenshift_container_platformRed Hat OpenShift Container Platform 4.22Red Hat OpenShift Container Platform 4.2Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Container Platform 4
CWE ID-CWE-287
Improper Authentication
CVE-2026-4408
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-9||CRITICAL
EPSS-2.50% / 82.92%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 07:25
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: remote code execution in samr

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.

Action-Not Available
Vendor-Red Hat, Inc.Samba
Product-sambaenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.21Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.21Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP Solutions
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-1933
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.86% / 54.50%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:28
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.

Action-Not Available
Vendor-Red Hat, Inc.Samba
Product-sambaenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update Service
CWE ID-CWE-284
Improper Access Control
CVE-2026-2340
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 56.95%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:09
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.

Action-Not Available
Vendor-Red Hat, Inc.Samba
Product-sambaenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update Service
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2026-3012
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.26% / 17.61%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 10:02
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

Action-Not Available
Vendor-Red Hat, Inc.Samba
Product-sambaenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update Service
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-48864
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.56%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:16
Updated-14 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.openSUSE
Product-libsolvupdate_infrastructuresatellitehardened_imagesenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat Satellite 6Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4480
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-9||CRITICAL
EPSS-12.80% / 95.85%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 13:56
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: samba: remote code execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.

Action-Not Available
Vendor-Red Hat, Inc.Samba
Product-sambaenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-9149
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 21.02%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 23:34
Updated-27 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Action-Not Available
Vendor-openSUSERed Hat, Inc.
Product-enterprise_linuxsatellitelibsolvupdate_infrastructureopenshift_container_platformhardened_imagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Satellite 6Red Hat Update Infrastructure 4 for Cloud Providers
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-9150
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 32.28%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 23:07
Updated-29 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

Action-Not Available
Vendor-openSUSERed Hat, Inc.
Product-enterprise_linuxsatellitelibsolvupdate_infrastructureopenshift_container_platformhardened_imagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Satellite 6Red Hat Update Infrastructure 4 for Cloud Providers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-42009
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 68.00%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 12:44
Updated-16 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: denial of service via dtls packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-enterprise_linux_for_elsenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_elsenterprise_linux_for_update_services_for_sap_solutionsenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systemsenterprise_linux_for_ibm_z_systems_elsenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_eushardened_imagesgnutlsopenshift_container_platformenterprise_linuxRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.21Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.22Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Update Infrastructure 5Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Discovery 2Red Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.21Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.22Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Update Infrastructure 5Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Discovery 2Red Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-475
Undefined Behavior for Input to API
CVE-2026-42010
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-1.05% / 60.46%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 12:00
Updated-16 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: authentication bypass via nul character in username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-hardened_imagesgnutlsopenshift_container_platformenterprise_linuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.21Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.22Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Update Infrastructure 5Red Hat Discovery 2Red Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.21Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.22Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Update Infrastructure 5Red Hat Discovery 2Red Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-170
Improper Null Termination
CWE ID-CWE-626
Null Byte Interaction Error (Poison Null Byte)
CVE-2026-33845
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.80% / 52.69%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 17:41
Updated-16 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: denial of service via dtls zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-gnutlsopenshift_container_platformenterprise_linuxRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Update Infrastructure 5Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Discovery 2Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Update Infrastructure 5Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Discovery 2Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-3832
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.72% / 49.77%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 17:41
Updated-13 Jul, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-hardened_imagesgnutlsopenshift_container_platformenterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Update Infrastructure 5Red Hat Discovery 2Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-179
Incorrect Behavior Order: Early Validation
CVE-2026-3833
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 43.18%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 17:37
Updated-13 Jul, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-hardened_imagesgnutlsopenshift_container_platformenterprise_linuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Update Infrastructure 5Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2026-7309
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 7.60%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 12:33
Updated-07 May, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformRed Hat OpenShift Container Platform 4
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-6732
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.25%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 22:19
Updated-30 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xsd-validated document

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Action-Not Available
Vendor-Red Hat, Inc.libxml2 (XMLSoft)IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-6846
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.72%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 08:37
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-binutilshardened_imagesenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-6844
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.22%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 08:37
Updated-20 May, 2026 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files

A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-enterprise_linuxbinutilshardened_imagesopenshift_container_platformRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8Red Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6843
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.41%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 08:30
Updated-20 May, 2026 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nano: nano: format string vulnerability leads to denial of service

A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-enterprise_linuxnanoopenshift_container_platformRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2026-31431
Assigner-kernel.org
ShareView Details
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-96.27% / 99.87%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 08:15
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-05-15||"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
crypto: algif_aead - Revert to operating out-of-place

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Action-Not Available
Vendor-amazonnixosVMware (Broadcom Inc.)NovellSiemens AGRed Hat, Inc.Debian GNU/LinuxopenSUSECanonical Ltd.Arista Networks, Inc.SUSELinux Kernel Organization, Inc
Product-linux_enterprise_microenterprise_storagesimatic_s7-1500_cpu_1518f-4_pn\/dp_mfpbasesystem_modulevelocloud_gatewaylinux_enterprise_workstation_extensionubuntu_linuxsimatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmwareamazon_linuxenterprise_linux_euslinux_enterprise_desktopopenstack_cloudopenshift_container_platformmanager_proxylegacy_moduleopenstack_cloud_crowbarlinux_enterprise_high_performance_computingvelocloud_edgesiplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwarevelocloud_orchestratornetvisor_osenterprise_linuxleapenterprise_linux_update_services_for_sap_solutionsnixossimatic_s7-1500_tm_mfp_firmwarelinux_enterprise_high_availability_extensionenterprise_linux_tusdevelopment_tools_modulemanager_retail_branch_serverlinux_enterprise_servercloudvision_agnilinux_enterprise_live_patchingsimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dp_mfpdebian_linuxlinux_enterprise_real_timecaas_platformlinux_microcloudvision_portalsimatic_s7-1500_tm_mfpmanager_serverlinux_kernelpublic_cloud_modulesimatic_s7-1500_cpu_1518-4_pn\/dp_mfprealtime_moduleenterprise_linux_ausLinuxRed Hat OpenShift Container Platform 4.21Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRed Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportNVIDIA for RHEL 10Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10SIMATIC S7-1500 TM MFP - GNU/Linux subsystemRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.20SIMATIC S7-1500 CPU 1518-4 PN/DP MFPRed Hat OpenShift Container Platform 4.16Kernel
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2026-6845
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.15% / 4.35%
||
7 Day CHG+0.01%
Published-22 Apr, 2026 | 07:54
Updated-13 Jul, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binutils: binutils: denial of service via crafted elf file

A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-binutilshardened_imagesenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-4878
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.56%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 14:49
Updated-19 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.tcpdump & libpcap
Product-enterprise_linuxopenshift_container_platformlibcapRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnCost Management Metrics Operator 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift distributed tracing 3.9.3Red Hat OpenShift Container Platform 4.18Red Hat AI Inference Server 3.3Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4.13Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift distributed tracing 3.9.3Red Hat OpenShift Container Platform 4.18Red Hat AI Inference Server 3.3Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4.13Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsCost Management 4Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-5745
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.86%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 14:57
Updated-03 May, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: a null pointer dereference vulnerability exists in the acl parser of libarchive

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-openshift_container_platformlibarchivehardened_imagesenterprise_linuxRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-5121
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 61.16%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 07:47
Updated-14 Jul, 2026 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

Action-Not Available
Vendor-Siemens AGlibarchiveRed Hat, Inc.
Product-hardened_imageslibarchiveopenshift_container_platformenterprise_linuxRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat AI Inference Server 3.3RHEL-8 based Middleware ContainersRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat AI Inference Server 3.2Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.13Red Hat Discovery 2Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesSIDIS Secured SmartPlug
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-0964
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.41% / 33.08%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:06
Updated-02 Jul, 2026 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libssh: improper sanitation of paths received from scp servers

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

Action-Not Available
Vendor-libsshRed Hat, Inc.
Product-enterprise_linuxlibsshhardened_imagesopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-0966
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.92%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:06
Updated-19 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.

Action-Not Available
Vendor-libsshRed Hat, Inc.
Product-enterprise_linuxlibsshhardened_imagesopenshift_container_platformRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CVE-2026-4897
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 3.08%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 14:56
Updated-21 Apr, 2026 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Polkit: polkit: denial of service via unbounded input processing through standard input

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

Action-Not Available
Vendor-freedesktop.orgRed Hat, Inc.
Product-openshift_container_platformpolkitenterprise_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-4647
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 6.41%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 13:37
Updated-15 Jul, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-binutilsenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4426
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 22.50%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 13:53
Updated-03 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: libarchive: denial of service via malformed iso file processing

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-openshift_container_platformlibarchivehardened_imagesenterprise_linuxRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-1335
Incorrect Bitwise Shift of Integer
CVE-2026-4424
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 55.11%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 13:50
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Action-Not Available
Vendor-Red Hat, Inc.libarchive
Product-openshift_container_platform_for_powerenterprise_linux_server_auslibarchiveopenshift_container_platform_for_arm64hardened_imagesenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat AI Inference Server 3.3RHEL-8 based Middleware ContainersRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat AI Inference Server 3.2Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.13Red Hat Discovery 2Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat AI Inference Server 3.3RHEL-8 based Middleware ContainersRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat AI Inference Server 3.2Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.13Red Hat Discovery 2Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4.16Red Hat Hardened Images
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-3441
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 8.09%
||
7 Day CHG+0.01%
Published-15 Mar, 2026 | 00:19
Updated-13 Jul, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binutils: gnu binutils: information disclosure via specially crafted xcoff object file

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-binutilsenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-3442
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 16.90%
||
7 Day CHG+0.01%
Published-15 Mar, 2026 | 00:19
Updated-13 Jul, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-binutilsenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-12801
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 37.16%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 15:25
Updated-30 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nfs-utils: rpc.mountd in the nfs-utils privilege escalation

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

Action-Not Available
Vendor-linux-nfsRed Hat, Inc.
Product-nfs-utilsenterprise_linuxopenshift_container_platformRed Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Ceph Storage 8Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.19
CWE ID-CWE-279
Incorrect Execution-Assigned Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-0992
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-2.9||LOW
EPSS-0.31% / 22.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xml catalogs

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-0989
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.42% / 34.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: unbounded relaxng include recursion leading to stack overflow

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-0990
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.76% / 51.00%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-13601
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.31% / 23.33%
||
7 Day CHG+0.01%
Published-26 Nov, 2025 | 14:44
Updated-30 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.Siemens AG
Product-enterprise_linux_for_ibm_z_systemscodeready_linux_builder_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64_eusenterprise_linux_server_for_power_little_endian_euscodeready_linux_builder_for_power_little_endian_eusopenshift_container_platform_for_arm64codeready_linux_builder_for_power_little_endianenterprise_linux_for_x86_64_eusopenshift_container_platform_for_powerenterprise_linux_for_x86_64codeready_linux_builder_for_arm64codeready_linux_builder_for_arm64_eusenterprise_linux_server_for_power_little_endianenterprise_linux_for_arm_64glibcodeready_linux_builder_for_x86_64_eusdiscoveryenterprise_linux_for_power_little_endianopenshift_container_platform_for_linuxonecodeready_linux_buildercodeready_linux_builder_for_x86_64enterprise_linux_server_ausenterprise_linux_server_tusceph_storageopenshift_container_platformcodeready_linux_builder_for_ibm_z_systems_eusenterprise_linux_for_ibm_z_systems_eusopenshift_container_platform_for_ibm_zRed Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Ceph Storage 8Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRUGGEDCOM RST2428P
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-8283
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.29% / 20.98%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 18:16
Updated-30 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netavark: podman: netavark may resolve hostnames to unexpected hosts

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-15
External Control of System or Configuration Setting
CVE-2025-7519
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.16%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 13:35
Updated-30 Jun, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxopenshift_container_platformRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7424
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.71%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 14:05
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Projectlibxml2 (XMLSoft)
Product-libxsltenterprise_linuxopenshift_container_platformRed Hat OpenShift Container Platform 4libxsltRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-32990
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.77%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 09:41
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: vulnerability in gnutls certtool template parsing

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-enterprise_linuxgnutlsopenshift_container_platformRed Hat OpenShift Container Platform 4Red Hat Discovery 2Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Ceph Storage 7Red Hat Enterprise Linux 6Red Hat Insights proxy 1.5
CWE ID-CWE-122
Heap-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next