Redhat

Update Infrastructure

7 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.21%
  • Veröffentlicht 26.05.2026 16:16:07
  • Zuletzt bearbeitet 09.07.2026 16:16:41

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, ...

  • EPSS 0.29%
  • Veröffentlicht 20.05.2026 23:34:56
  • Zuletzt bearbeitet 27.06.2026 00:16:49

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a ...

  • EPSS 0.4%
  • Veröffentlicht 20.05.2026 23:16:36
  • Zuletzt bearbeitet 29.06.2026 17:16:30

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA51...

  • EPSS 1.12%
  • Veröffentlicht 05.02.2024 21:15:11
  • Zuletzt bearbeitet 24.03.2026 12:16:08

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

  • EPSS 1.12%
  • Veröffentlicht 05.02.2024 21:15:10
  • Zuletzt bearbeitet 12.05.2026 11:16:16

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Exploit
  • EPSS 0.28%
  • Veröffentlicht 25.10.2022 18:15:10
  • Zuletzt bearbeitet 07.05.2025 20:15:21

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Exploit
  • EPSS 0.26%
  • Veröffentlicht 04.11.2019 13:15:10
  • Zuletzt bearbeitet 21.11.2024 01:55:43

RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates