Export limit exceeded: 367078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4111 | 1 Redhat | 11 Ai Inference Server, Discovery, Enterprise Linux and 8 more | 2026-06-10 | 7.5 High |
| A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives. | ||||
| CVE-2024-43485 | 4 Apple, Linux, Microsoft and 1 more | 12 Macos, Linux Kernel, .net and 9 more | 2026-06-09 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-43484 | 4 Apple, Linux, Microsoft and 1 more | 28 Macos, Linux Kernel, .net and 25 more | 2026-06-09 | 7.5 High |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-43483 | 4 Apple, Linux, Microsoft and 1 more | 28 Macos, Linux Kernel, .net and 25 more | 2026-06-09 | 7.5 High |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2026-5119 | 2 Gnome, Redhat | 9 Libsoup, Enterprise Linux, Enterprise Linux Eus and 6 more | 2026-06-09 | 5.9 Medium |
| A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. | ||||
| CVE-2026-34002 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-08 | 6.1 Medium |
| A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service. | ||||
| CVE-2026-34000 | 2 Redhat, X.org | 10 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 7 more | 2026-06-08 | 6.1 Medium |
| A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server. | ||||
| CVE-2026-34003 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-08 | 7.8 High |
| A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible. | ||||
| CVE-2026-34001 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-08 | 7.8 High |
| A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system. | ||||
| CVE-2026-33999 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 5 more | 2026-06-08 | 7.8 High |
| A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts. | ||||
| CVE-2024-0193 | 2 Linux, Redhat | 26 Linux Kernel, Codeready Linux Builder, Codeready Linux Builder For Eus and 23 more | 2026-06-05 | 7.8 High |
| A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. | ||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 39 Ubuntu Linux, Debian Linux, Fedora and 36 more | 2026-06-03 | 7.8 High |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | ||||
| CVE-2022-48816 | 2 Linux, Redhat | 2 Linux Kernel, Rhel E4s | 2026-06-01 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against ->sock changing during sysfs read ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") appears to attempt to fix this problem, but it only narrows the race window. | ||||
| CVE-2025-11234 | 1 Redhat | 4 Enterprise Linux, Openshift, Rhel E4s and 1 more | 2026-06-01 | 7.5 High |
| A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication. | ||||
| CVE-2018-3646 | 2 Intel, Redhat | 16 Core I3, Core I5, Core I7 and 13 more | 2026-05-29 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. | ||||
| CVE-2018-3639 | 12 Arm, Canonical, Debian and 9 more | 330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more | 2026-05-29 | 5.5 Medium |
| Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | ||||
| CVE-2018-3620 | 2 Intel, Redhat | 16 Core I3, Core I5, Core I7 and 13 more | 2026-05-29 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | ||||
| CVE-2018-12130 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware and 10 more | 2026-05-29 | 5.9 Medium |
| Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
| CVE-2018-12127 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware and 10 more | 2026-05-29 | 5.6 Medium |
| Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
| CVE-2018-12126 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware and 10 more | 2026-05-29 | 5.6 Medium |
| Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||