Search Results (1789 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14164 3 Libarchive, Red Hat, Redhat 7 Libarchive, Enterprise Linux, Enterprise Linux and 4 more 2026-07-01 7.5 High
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.
CVE-2026-12610 2 Redhat, Sssd 6 Enterprise Linux, Hardened Images, Hummingbird and 3 more 2026-07-01 6.4 Medium
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
CVE-2025-4574 1 Redhat 7 Directory Server, Enterprise Linux, Openshift and 4 more 2026-06-30 6.5 Medium
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
CVE-2025-6032 1 Redhat 3 Enterprise Linux, Openshift, Rhel Eus 2026-06-30 8.3 High
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
CVE-2025-6020 1 Redhat 16 Cert Manager, Confidential Compute Attestation, Discovery and 13 more 2026-06-30 7.8 High
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
CVE-2025-5914 2 Libarchive, Redhat 19 Libarchive, Cert Manager, Confidential Compute Attestation and 16 more 2026-06-30 7.8 High
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
CVE-2025-5915 2 Libarchive, Redhat 4 Libarchive, Enterprise Linux, Openshift and 1 more 2026-06-30 6.6 Medium
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
CVE-2025-5917 2 Libarchive, Redhat 4 Libarchive, Enterprise Linux, Openshift and 1 more 2026-06-30 2.8 Low
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.
CVE-2025-5916 2 Libarchive, Redhat 4 Libarchive, Enterprise Linux, Openshift and 1 more 2026-06-30 3.9 Low
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.
CVE-2025-5318 2 Libssh, Redhat 11 Libssh, Ai Inference Server, Enterprise Linux and 8 more 2026-06-30 8.1 High
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
CVE-2025-4953 1 Redhat 2 Enterprise Linux, Openshift 2026-06-30 7.4 High
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
CVE-2025-5449 2 Libssh, Redhat 3 Libssh, Enterprise Linux, Openshift 2026-06-30 6.5 Medium
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
CVE-2025-5918 2 Libarchive, Redhat 4 Libarchive, Enterprise Linux, Openshift and 1 more 2026-06-30 3.9 Low
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
CVE-2025-5351 2 Libssh, Redhat 4 Libssh, Enterprise Linux, Openshift and 1 more 2026-06-30 6.5 Medium
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
CVE-2025-4878 1 Redhat 2 Enterprise Linux, Openshift 2026-06-30 3.6 Low
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.
CVE-2025-4432 1 Redhat 5 Enterprise Linux, Openshift, Satellite and 2 more 2026-06-30 5.3 Medium
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.
CVE-2025-4598 5 Debian, Linux, Oracle and 2 more 10 Debian Linux, Linux Kernel, Linux and 7 more 2026-06-30 4.7 Medium
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
CVE-2025-4373 1 Redhat 8 Enterprise Linux, Insights Proxy, Openshift Distributed Tracing and 5 more 2026-06-30 4.8 Medium
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
CVE-2025-4877 1 Redhat 2 Enterprise Linux, Openshift 2026-06-30 4.5 Medium
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
CVE-2025-6021 2 Redhat, Xmlsoft 30 Discovery, Enterprise Linux, Enterprise Linux Eus and 27 more 2026-06-30 7.5 High
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.