Search Results (16520 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-31179 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
CVE-2025-31178 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31177 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 5.5 Medium
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
CVE-2025-31180 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31176 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.
CVE-2026-11820 1 Redhat 2 Community.general, Enterprise Linux 2026-06-25 6.5 Medium
A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials (api_key and api_secret) into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web server access logs, proxy logs, HTTP Referer headers, and network monitoring tools, despite the Ansible argument specification marking these parameters as no_log. An attacker with access to any of these logging or monitoring points can obtain the full API credentials and gain unauthorized access to the victim's Vonage/Nexmo account.
CVE-2026-12725 2 Dnsmasq, Redhat 4 Dnsmasq, Enterprise Linux, Openshift and 1 more 2026-06-24 5.9 Medium
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.
CVE-2026-12549 2 Libsoup, Redhat 2 Libsoup, Enterprise Linux 2026-06-24 4.8 Medium
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.
CVE-2026-3832 2 Gnu, Redhat 9 Gnutls, Discovery, Enterprise Linux and 6 more 2026-06-24 3.7 Low
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.
CVE-2026-12969 2 Dnsmasq, Redhat 4 Dnsmasq, Enterprise Linux, Openshift and 1 more 2026-06-24 5.3 Medium
An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions.
CVE-2026-11819 1 Redhat 2 Community.general, Enterprise Linux 2026-06-24 5.5 Medium
Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into result["passphrase"] with no output suppression, no no_log protection, and no documentation warning. Root Cause: Line 105 (protected): keyring_password=dict(type="str", required=True, no_log=True) Line 127 (NOT protected): result["passphrase"] = passphrase Observed Output: { "changed": false, "passphrase": "MyMasterP@ssw0rd!SSH_Key_Secret" } Visible via register + debug: { "keyring_result": { "changed": false, "passphrase": "MyMasterP@ssw0rd!SSH_Key_Secret" } } Impact: Master passwords, SSH key passphrases and service credentials appear in all Ansible output register: keyring_result followed by debug: var=keyring_result prints passphrase in full Ansible fact caching backends (Redis, JSON file, memcached) may persist the passphrase AWX/Tower job logs silently store the live credential Fix: module.exit_json(changed=False, passphrase=passphrase, _ansible_no_log=True) Also add a documentation warning requiring callers to use no_log: true at the task level. PoCs Fig 1: PoC execution showing passphrase in plaintext output Fig 2: Source code showing no_log=True on input (line 105) vs unprotected output (line 127)
CVE-2026-12891 2 Gstreamer Project, Redhat 2 Gstreamer Plugin, Enterprise Linux 2026-06-24 4.3 Medium
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266 video file or stream that, when processed by a GStreamer-based application, could leak limited memory contents through video metadata, potentially exposing sensitive information from the application's address space.
CVE-2026-12892 2 Gstreamer Project, Redhat 2 Gstreamer Plugin, Enterprise Linux 2026-06-24 4.4 Medium
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary information without first verifying that the NAL unit contains enough data beyond the extension header. An attacker could exploit this by tricking a user into opening a malicious H.264 video file, potentially causing the application to crash or leak a single byte of heap memory.
CVE-2026-6420 1 Redhat 1 Enterprise Linux 2026-06-24 6.3 Medium
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
CVE-2026-44604 1 Redhat 8 Enterprise Linux, Hardened Images, Hummingbird and 5 more 2026-06-23 7 High
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.
CVE-2023-6478 4 Debian, Redhat, Tigervnc and 1 more 11 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 8 more 2026-06-23 7.6 High
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
CVE-2023-6377 4 Debian, Redhat, Tigervnc and 1 more 11 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 8 more 2026-06-23 7.8 High
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVE-2023-5868 2 Postgresql, Redhat 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more 2026-06-23 4.3 Medium
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVE-2023-5574 2 Redhat, X.org 2 Enterprise Linux, X Server 2026-06-23 7 High
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
CVE-2023-5380 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2026-06-23 4.7 Medium
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.