Search Results (23512 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-4424 2 Libarchive, Redhat 21 Libarchive, Ai Inference Server, Discovery and 18 more 2026-06-10 7.5 High
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
CVE-2026-4111 1 Redhat 11 Ai Inference Server, Discovery, Enterprise Linux and 8 more 2026-06-10 7.5 High
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
CVE-2023-52356 2 Libtiff, Redhat 6 Libtiff, Ai Inference Server, Discovery and 3 more 2026-06-10 7.5 High
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
CVE-2026-11837 1 Redhat 3 Enterprise Linux, Openstack, Openstack Platform 2026-06-10 7.3 High
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.
CVE-2026-11792 1 Redhat 3 Directory Server, Enterprise Linux, Redhat Directory Server 2026-06-09 3.3 Low
A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged (requiring non-default CLEAR password storage or a compromised replication peer), the copy overflows the buffer, corrupting heap memory and audit log output.
CVE-2026-11577 1 Redhat 8 Build Keycloak, Build Of Keycloak, Data Grid and 5 more 2026-06-09 7.2 High
A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importing users with realm-admin role mappings.
CVE-2024-43485 4 Apple, Linux, Microsoft and 1 more 12 Macos, Linux Kernel, .net and 9 more 2026-06-09 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43484 4 Apple, Linux, Microsoft and 1 more 28 Macos, Linux Kernel, .net and 25 more 2026-06-09 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-43483 4 Apple, Linux, Microsoft and 1 more 28 Macos, Linux Kernel, .net and 25 more 2026-06-09 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-38229 4 Apple, Linux, Microsoft and 1 more 7 Macos, Linux Kernel, .net and 4 more 2026-06-09 8.1 High
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2026-4366 1 Redhat 7 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 4 more 2026-06-09 5.8 Medium
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure.
CVE-2026-32591 1 Redhat 3 Mirror Registry, Mirror Registry For Red Hat Openshift, Quay 2026-06-09 5.2 Medium
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
CVE-2026-5119 2 Gnome, Redhat 9 Libsoup, Enterprise Linux, Enterprise Linux Eus and 6 more 2026-06-09 5.9 Medium
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
CVE-2026-3238 2 Redhat, Samba 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more 2026-06-09 7.5 High
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.
CVE-2026-10840 1 Redhat 3 Openshift, Openshift Builds, Openshift Pipelines 2026-06-09 7.1 High
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.
CVE-2026-50265 1 Redhat 1 Enterprise Linux 2026-06-08 7.0 High
This CVE ID was assigned as a duplicate of CVE-2026-50292
CVE-2026-42965 1 Redhat 3 Openshift, Openshift Container Platform, Openshift Router 2026-06-08 7.7 High
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This bypasses previous security measures for validating IP addresses.
CVE-2026-10533 1 Redhat 2 Openshift, Openshift Container Platform 2026-06-08 5 Medium
A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster.
CVE-2026-11569 1 Redhat 1 Quay 2026-06-08 5.4 Medium
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting when a victim visits the archive URL.
CVE-2026-0707 1 Redhat 1 Build Keycloak 2026-06-08 5.3 Medium
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.