Filtered by vendor Redhat
Subscribe
Total
5933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-11785 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-12 | N/A | 4.3 MEDIUM |
| A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users. | |||||
| CVE-2026-11786 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-12 | N/A | 1.9 LOW |
| A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation. | |||||
| CVE-2026-11787 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-12 | N/A | 5.0 MEDIUM |
| A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior. | |||||
| CVE-2026-11788 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-12 | N/A | 5.9 MEDIUM |
| A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure. | |||||
| CVE-2026-11789 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-12 | N/A | 4.9 MEDIUM |
| A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication. | |||||
| CVE-2026-11790 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-12 | N/A | 4.9 MEDIUM |
| A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication, resulting in denial of service. | |||||
| CVE-2026-50263 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-11 | N/A | 5.5 MEDIUM |
| A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure. | |||||
| CVE-2026-50260 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-11 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root. | |||||
| CVE-2026-1784 | 1 Redhat | 1 Openshift Container Platform | 2026-06-11 | N/A | 8.8 HIGH |
| The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration. | |||||
| CVE-2026-4878 | 2 Libcap Project, Redhat | 3 Libcap, Enterprise Linux, Openshift Container Platform | 2026-06-11 | N/A | 6.7 MEDIUM |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | |||||
| CVE-2026-9803 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 5.3 MEDIUM |
| A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service. | |||||
| CVE-2026-9802 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 6.8 MEDIUM |
| A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been revoked. Successful exploitation grants the attacker unauthorized access to the victim's account, potentially leading to information disclosure or privilege escalation. | |||||
| CVE-2026-9801 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 4.9 MEDIUM |
| A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node. | |||||
| CVE-2026-9794 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 5.3 MEDIUM |
| A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure. | |||||
| CVE-2026-9792 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 6.5 MEDIUM |
| A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure. | |||||
| CVE-2026-9791 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 4.3 MEDIUM |
| A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers. | |||||
| CVE-2026-9704 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 6.8 MEDIUM |
| A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation. | |||||
| CVE-2026-9087 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 6.4 MEDIUM |
| A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account. | |||||
| CVE-2026-8922 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 5.4 MEDIUM |
| A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management. | |||||
| CVE-2026-8830 | 1 Redhat | 1 Build Of Keycloak | 2026-06-10 | N/A | 4.3 MEDIUM |
| A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's parameters, such as public key algorithms, match the realm's configured WebAuthn policies. This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods. | |||||