Redhat

Hardened Images

51 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.2%
  • Veröffentlicht 17.06.2026 15:34:00
  • Zuletzt bearbeitet 26.06.2026 23:17:07

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories o...

  • EPSS 0.13%
  • Veröffentlicht 16.06.2026 16:50:15
  • Zuletzt bearbeitet 26.06.2026 22:16:32

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file...

  • EPSS 0.15%
  • Veröffentlicht 16.06.2026 00:49:15
  • Zuletzt bearbeitet 30.06.2026 03:19:31

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token th...

  • EPSS 0.26%
  • Veröffentlicht 11.06.2026 09:49:07
  • Zuletzt bearbeitet 12.06.2026 15:16:24

An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or ...

  • EPSS 1.13%
  • Veröffentlicht 10.06.2026 19:49:27
  • Zuletzt bearbeitet 30.06.2026 03:21:18

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DH...

  • EPSS 0.38%
  • Veröffentlicht 01.06.2026 19:26:56
  • Zuletzt bearbeitet 29.06.2026 12:16:32

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timi...

  • EPSS 0.25%
  • Veröffentlicht 01.06.2026 17:16:39
  • Zuletzt bearbeitet 30.06.2026 03:17:06

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersi...

  • EPSS 0.73%
  • Veröffentlicht 26.05.2026 21:29:32
  • Zuletzt bearbeitet 09.07.2026 07:16:23

A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. ...

  • EPSS 0.42%
  • Veröffentlicht 26.05.2026 21:29:32
  • Zuletzt bearbeitet 30.06.2026 03:19:31

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass pro...

  • EPSS 0.35%
  • Veröffentlicht 26.05.2026 21:29:26
  • Zuletzt bearbeitet 30.06.2026 03:19:30

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certi...