Filtered by vendor Redhat
Subscribe
Total
5933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32590 | 1 Redhat | 2 Mirror Registry For Red Hat Openshift, Quay | 2026-06-09 | N/A | 7.1 HIGH |
| A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server. | |||||
| CVE-2026-32589 | 1 Redhat | 2 Mirror Registry For Red Hat Openshift, Quay | 2026-06-09 | N/A | 7.4 HIGH |
| A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload. | |||||
| CVE-2026-2377 | 1 Redhat | 2 Mirror Registry For Red Hat Openshift, Quay | 2026-06-09 | N/A | 6.5 MEDIUM |
| A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems. | |||||
| CVE-2026-32591 | 1 Redhat | 2 Mirror Registry For Red Hat Openshift, Quay | 2026-06-09 | N/A | 5.2 MEDIUM |
| A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application. | |||||
| CVE-2026-5119 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-06-09 | N/A | 5.9 MEDIUM |
| A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. | |||||
| CVE-2026-50259 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-08 | N/A | 7.8 HIGH |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root. | |||||
| CVE-2026-42009 | 2 Gnu, Redhat | 14 Gnutls, Enterprise Linux, Enterprise Linux For Els and 11 more | 2026-06-08 | N/A | 7.5 HIGH |
| A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service. | |||||
| CVE-2026-50258 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-08 | N/A | 7.8 HIGH |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root. | |||||
| CVE-2026-50257 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-08 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root. | |||||
| CVE-2026-50256 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-08 | N/A | 7.8 HIGH |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root. | |||||
| CVE-2026-46579 | 1 Redhat | 2 Openshift Container Platform, Openshift Router | 2026-06-08 | N/A | 7.4 HIGH |
| A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities. | |||||
| CVE-2026-42965 | 1 Redhat | 2 Openshift Container Platform, Openshift Router | 2026-06-08 | N/A | 7.7 HIGH |
| A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This bypasses previous security measures for validating IP addresses. | |||||
| CVE-2026-10533 | 1 Redhat | 1 Openshift Container Platform | 2026-06-08 | N/A | 5.0 MEDIUM |
| A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster. | |||||
| CVE-2026-34002 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2026-06-08 | N/A | 6.1 MEDIUM |
| A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service. | |||||
| CVE-2026-34000 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2026-06-08 | N/A | 6.1 MEDIUM |
| A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server. | |||||
| CVE-2025-5372 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift Container Platform | 2026-06-08 | N/A | 5.0 MEDIUM |
| A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | |||||
| CVE-2025-57849 | 1 Redhat | 1 Fuse | 2026-06-05 | N/A | 6.4 MEDIUM |
| A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | |||||
| CVE-2025-8766 | 1 Redhat | 1 Openshift Data Foundation | 2026-06-05 | N/A | 6.4 MEDIUM |
| A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container | |||||
| CVE-2024-0193 | 2 Linux, Redhat | 23 Linux Kernel, Codeready Linux Builder, Codeready Linux Builder For Eus and 20 more | 2026-06-05 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. | |||||
| CVE-2026-37978 | 1 Redhat | 1 Build Of Keycloak | 2026-06-03 | N/A | 4.9 MEDIUM |
| A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) parameter. This vulnerability allows for cross-role personally identifiable information (PII) leakage, enabling unauthorized visibility into user identities and authorizations across the realm. Exploitation is possible remotely via network access to the Admin API. | |||||