Export limit exceeded: 16493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9615 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-30 | N/A |
| A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection. | ||||
| CVE-2025-8283 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2026-06-30 | 3.7 Low |
| A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers. | ||||
| CVE-2025-8277 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-30 | 3.1 Low |
| A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. | ||||
| CVE-2025-3416 | 1 Redhat | 5 Directory Server, Enterprise Linux, Openshift and 2 more | 2026-06-30 | 3.7 Low |
| A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | ||||
| CVE-2024-45618 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 3.9 Low |
| A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | ||||
| CVE-2024-45617 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | ||||
| CVE-2024-45616 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. | ||||
| CVE-2024-45615 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). | ||||
| CVE-2025-14821 | 2 Libssh, Redhat | 5 Libssh, Enterprise Linux, Hardened Images and 2 more | 2026-06-30 | 7.8 High |
| A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users. | ||||
| CVE-2025-13763 | 2 Opensc, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 5.7 Medium |
| Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs | ||||
| CVE-2025-11731 | 1 Redhat | 3 Enterprise Linux, Hummingbird, Openshift | 2026-06-30 | 3.1 Low |
| A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service. | ||||
| CVE-2024-8443 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 2.9 Low |
| A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution. | ||||
| CVE-2023-32251 | 1 Redhat | 1 Enterprise Linux | 2026-06-30 | 3.7 Low |
| A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms. | ||||
| CVE-2024-45620 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 3.9 Low |
| A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. | ||||
| CVE-2024-45619 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2026-06-30 | 4.3 Medium |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. | ||||
| CVE-2026-0719 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Eus, Openshift Devspaces and 6 more | 2026-06-30 | 8.6 High |
| A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. | ||||
| CVE-2025-61664 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-30 | 4.9 Medium |
| A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity. | ||||
| CVE-2025-61662 | 2 Gnu, Redhat | 10 Grub2, Enterprise Linux, Enterprise Linux Eus and 7 more | 2026-06-30 | 7.8 High |
| A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | ||||
| CVE-2025-61663 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-30 | 4.9 Medium |
| A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded. | ||||
| CVE-2025-61661 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-30 | 4.8 Medium |
| A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited. | ||||