Filtered by vendor Redhat
Subscribe
Total
5698 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6725 | 1 Redhat | 1 Openstack Platform | 2025-07-30 | N/A | 6.6 MEDIUM |
| An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information. | |||||
| CVE-2025-5198 | 2 Redhat, Stackrox | 2 Advanced Cluster Security, Stackrox | 2025-07-30 | N/A | 5.0 MEDIUM |
| A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product. | |||||
| CVE-2025-31181 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | N/A | 6.2 MEDIUM |
| A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. | |||||
| CVE-2025-31180 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | N/A | 6.2 MEDIUM |
| A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. | |||||
| CVE-2025-31179 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | N/A | 6.2 MEDIUM |
| A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. | |||||
| CVE-2025-31178 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | N/A | 6.2 MEDIUM |
| A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. | |||||
| CVE-2025-31176 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | N/A | 6.2 MEDIUM |
| A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. | |||||
| CVE-2022-0847 | 7 Fedoraproject, Linux, Netapp and 4 more | 39 Fedora, Linux Kernel, H300e and 36 more | 2025-07-30 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | |||||
| CVE-2020-17159 | 1 Redhat | 1 Language Support For Java | 2025-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | |||||
| CVE-2024-7259 | 2 Ovirt, Redhat | 2 Ovirt-engine, Virtualization | 2025-07-30 | N/A | 4.4 MEDIUM |
| A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | |||||
| CVE-2024-3622 | 1 Redhat | 1 Mirror Registry | 2025-07-30 | N/A | 8.8 HIGH |
| A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance. | |||||
| CVE-2024-3623 | 1 Redhat | 1 Mirror Registry | 2025-07-30 | N/A | 8.1 HIGH |
| A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database. | |||||
| CVE-2015-4495 | 6 Canonical, Mozilla, Opensuse and 3 more | 15 Ubuntu Linux, Firefox, Firefox Os and 12 more | 2025-07-30 | 4.3 MEDIUM | 8.8 HIGH |
| The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | |||||
| CVE-2024-45777 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2025-07-28 | N/A | 6.7 MEDIUM |
| A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections. | |||||
| CVE-2025-3891 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2025-07-28 | N/A | 7.5 HIGH |
| A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. | |||||
| CVE-2024-10234 | 1 Redhat | 2 Build Of Keycloak, Jboss Enterprise Application Platform | 2025-07-23 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server. | |||||
| CVE-2025-32463 | 6 Canonical, Debian, Opensuse and 3 more | 8 Ubuntu Linux, Debian Linux, Leap and 5 more | 2025-07-22 | N/A | 9.3 CRITICAL |
| Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | |||||
| CVE-2024-12085 | 8 Almalinux, Archlinux, Gentoo and 5 more | 22 Almalinux, Arch Linux, Linux and 19 more | 2025-07-16 | N/A | 7.5 HIGH |
| A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. | |||||
| CVE-2024-49393 | 3 Mutt, Neomutt, Redhat | 3 Mutt, Neomutt, Enterprise Linux | 2025-07-16 | N/A | 6.5 MEDIUM |
| In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. | |||||
| CVE-2018-7726 | 3 Canonical, Gdraheim, Redhat | 5 Ubuntu Linux, Zziplib, Enterprise Linux Desktop and 2 more | 2025-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||