Filtered by vendor Redhat
Subscriptions
Filtered by product Hummingbird
Subscriptions
Total
144 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48863 | 2 Libsolv, Redhat | 6 Libsolv, Enterprise Linux, Hummingbird and 3 more | 2026-07-18 | 7.5 High |
| A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows. | ||||
| CVE-2026-40469 | 2 Gnu, Redhat | 2 Gawk, Hummingbird | 2026-07-17 | 2.8 Low |
| Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below. | ||||
| CVE-2026-57108 | 2 Microsoft, Redhat | 2 .net, Hummingbird | 2026-07-17 | 7.5 High |
| Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50650 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.8 High |
| Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-50649 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2026, Hummingbird | 2026-07-17 | 7.8 High |
| Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50648 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50646 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.8 High |
| Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50528 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 8.2 High |
| Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-50527 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50526 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7 High |
| Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally. | ||||
| CVE-2026-50525 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-56170 | 2 Microsoft, Redhat | 2 .net, Hummingbird | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50524 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-47303 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 8.8 High |
| Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-47302 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-47300 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 8.8 High |
| Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-47429 | 2 Redhat, Vitest.dev | 2 Hummingbird, Vitest | 2026-07-15 | 9.8 Critical |
| Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /__vitest_attachment__, allowing \\?\\..\\ path traversal to read files outside the project; exposed API write and rerun features such as saveTestFile and rerun could also allow arbitrary script execution. This issue is fixed in versions 3.2.5 and 4.1.0. | ||||
| CVE-2026-47428 | 2 Redhat, Vitest.dev | 2 Hummingbird, Vitest | 2026-07-15 | 9.6 Critical |
| Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /__vitest_test__/ with the otelCarrier query parameter inserted directly into an inline module script, allowing a crafted browser-runner URL to execute arbitrary JavaScript in the Vitest server origin and recover VITEST_API_TOKEN for authenticated API calls. This issue is fixed in versions 4.1.6 and 5.0.0-beta.3. | ||||
| CVE-2026-5419 | 2 Gnu, Redhat | 11 Gnutls, Discovery, Enterprise Linux and 8 more | 2026-07-15 | 3.7 Low |
| A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure. | ||||
| CVE-2026-42015 | 1 Redhat | 13 Discovery, Enterprise Linux, Enterprise Linux Eus and 10 more | 2026-07-15 | 5.3 Medium |
| A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts. | ||||