Search Results (1202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20012 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 4.9 Medium
Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2025-24495 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 5.6 Medium
Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-47850 2 Cups, Redhat 7 Cups, Enterprise Linux, Rhel Aus and 4 more 2026-04-15 7.5 High
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
CVE-2024-6345 2 Python, Redhat 10 Setuptools, Enterprise Linux, Openshift and 7 more 2026-04-15 8.8 High
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
CVE-2024-24582 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 7.5 High
Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21823 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 7.5 High
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access
CVE-2024-4467 1 Redhat 7 Advanced Virtualization, Container Native Virtualization, Enterprise Linux and 4 more 2026-04-15 7.8 High
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
CVE-2024-53263 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 8.1 High
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time.
CVE-2024-4076 2 Isc, Redhat 7 Bind, Enterprise Linux, Openshift and 4 more 2026-04-15 7.5 High
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-34156 2 Go Standard Library, Redhat 19 Encoding\/gob, Advanced Cluster Security, Ceph Storage and 16 more 2026-04-15 7.5 High
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-3019 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 8.8 High
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
CVE-2024-21885 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 7.8 High
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
CVE-2024-5564 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 8.1 High
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
CVE-2024-38796 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 5.9 Medium
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
CVE-2024-45769 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 5.5 Medium
A vulnerability was found in Performance Co-Pilot (PCP).  This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
CVE-2023-31356 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 4.4 Medium
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
CVE-2023-45288 3 Go Standard Library, Golang, Redhat 33 Net\/http, Http2, Acm and 30 more 2026-04-15 7.5 High
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CVE-2023-43758 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 8.2 High
Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-6597 2 Python Software Foundation, Redhat 8 Cpython, Enterprise Linux, Openshift and 5 more 2026-04-15 7.8 High
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
CVE-2024-21489 2 Leeoniya, Redhat 4 Uplot, Rhel Aus, Rhel E4s and 1 more 2026-04-15 8.2 High
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.