Search Results (1775 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-2340 2 Redhat, Samba 10 Enterprise Linux, Enterprise Linux Eus, Openshift and 7 more 2026-07-02 6.5 Medium
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.
CVE-2026-4408 2 Redhat, Samba 11 Enterprise Linux, Enterprise Linux Eus, Openshift and 8 more 2026-07-02 9 Critical
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.
CVE-2026-3012 2 Redhat, Samba 10 Enterprise Linux, Enterprise Linux Eus, Openshift and 7 more 2026-07-02 8 High
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
CVE-2026-1933 2 Redhat, Samba 10 Enterprise Linux, Enterprise Linux Eus, Openshift and 7 more 2026-07-02 7.1 High
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
CVE-2026-42009 2 Gnu, Redhat 25 Gnutls, Discovery, Enterprise Linux and 22 more 2026-07-01 7.5 High
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
CVE-2026-33846 2 Gnu, Redhat 15 Gnutls, Discovery, Enterprise Linux and 12 more 2026-07-01 7.5 High
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
CVE-2026-33845 2 Gnu, Redhat 15 Gnutls, Discovery, Enterprise Linux and 12 more 2026-07-01 7.5 High
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
CVE-2026-4878 2 Libcap Project, Redhat 18 Libcap, Ai Inference Server, Cost Management and 15 more 2026-07-01 6.7 Medium
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
CVE-2025-4948 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 7.5 High
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
CVE-2025-5024 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 7.4 High
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
CVE-2025-6020 1 Redhat 16 Cert Manager, Confidential Compute Attestation, Discovery and 13 more 2026-06-30 7.8 High
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
CVE-2025-6019 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 7 High
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
CVE-2025-5914 2 Libarchive, Redhat 19 Libarchive, Cert Manager, Confidential Compute Attestation and 16 more 2026-06-30 7.8 High
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
CVE-2025-5318 2 Libssh, Redhat 11 Libssh, Ai Inference Server, Enterprise Linux and 8 more 2026-06-30 8.1 High
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
CVE-2025-49179 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-06-30 7.3 High
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-4945 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-06-30 3.7 Low
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
CVE-2025-4373 1 Redhat 8 Enterprise Linux, Insights Proxy, Openshift Distributed Tracing and 5 more 2026-06-30 4.8 Medium
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
CVE-2025-4404 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 9.1 Critical
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
CVE-2025-6021 2 Redhat, Xmlsoft 30 Discovery, Enterprise Linux, Enterprise Linux Eus and 27 more 2026-06-30 7.5 High
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
CVE-2025-5987 2 Libssh, Redhat 6 Libssh, Enterprise Linux, Enterprise Linux Eus and 3 more 2026-06-30 8.1 High
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.