Filtered by vendor Redhat
Subscriptions
Total
22948 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2004 | 5 Apple, Fedoraproject, Haxx and 2 more | 16 Macos, Fedora, Curl and 13 more | 2025-07-30 | 3.5 Low |
| When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug. | ||||
| CVE-2024-2379 | 4 Apple, Haxx, Netapp and 1 more | 21 Macos, Curl, Active Iq Unified Manager and 18 more | 2025-07-30 | 6.3 Medium |
| libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | ||||
| CVE-2025-31181 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | 6.2 Medium |
| A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-31180 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | 6.2 Medium |
| A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-31179 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | 6.2 Medium |
| A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. | ||||
| CVE-2025-31178 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | 6.2 Medium |
| A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-31176 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-07-30 | 6.2 Medium |
| A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2021-30663 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-30 | 7.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-0847 | 7 Fedoraproject, Linux, Netapp and 4 more | 42 Fedora, Linux Kernel, H300e and 39 more | 2025-07-30 | 7.8 High |
| A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | ||||
| CVE-2020-16009 | 7 Cefsharp, Debian, Fedoraproject and 4 more | 9 Cefsharp, Debian Linux, Fedora and 6 more | 2025-07-30 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-16013 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-07-30 | 9.6 Critical |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2025-4945 | 1 Redhat | 1 Enterprise Linux | 2025-07-30 | 3.7 Low |
| A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. | ||||
| CVE-2024-11053 | 3 Haxx, Netapp, Redhat | 20 Curl, Bootstrap Os, H300s and 17 more | 2025-07-30 | 3.4 Low |
| When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. | ||||
| CVE-2025-8035 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-07-30 | 8.8 High |
| Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | ||||
| CVE-2020-17159 | 2 Microsoft, Redhat | 2 Visual Studio Code, Language Support For Java | 2025-07-30 | 7.8 High |
| Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | ||||
| CVE-2024-0340 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-07-30 | 4.4 Medium |
| A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | ||||
| CVE-2024-7254 | 3 Google, Netapp, Redhat | 15 Google-protobuf, Protobuf, Protobuf-java and 12 more | 2025-07-30 | 7.5 High |
| Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | ||||
| CVE-2024-7259 | 2 Ovirt, Redhat | 3 Ovirt-engine, Rhev Hypervisor, Virtualization | 2025-07-30 | 4.4 Medium |
| A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | ||||
| CVE-2025-6020 | 1 Redhat | 9 Discovery, Enterprise Linux, Openshift Distributed Tracing and 6 more | 2025-07-30 | 7.8 High |
| A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | ||||
| CVE-2025-4969 | 1 Redhat | 1 Enterprise Linux | 2025-07-30 | 6.5 Medium |
| A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read). | ||||