Filtered by vendor Redhat Subscriptions
Total 23592 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-53366 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Linux Eus 2026-07-18 7.8 High
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In __ip_append_data(), when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap, but the fraggap bytes carried over from the previous skb are copied into the new skb's linear area at offset transhdrlen by the subsequent skb_copy_and_csum_bits(). The linear area is therefore undersized by fraggap bytes while pagedlen is overstated by the same amount. The non-paged branch sets alloclen to fraglen, which already accounts for fraggap because datalen does. Bring the paged branch in line by adding fraggap to alloclen and subtracting it from pagedlen. After this adjustment, copy no longer collapses to -fraggap on the paged path, so remove the stale comment describing that old arithmetic.
CVE-2026-48863 2 Libsolv, Redhat 6 Libsolv, Enterprise Linux, Hummingbird and 3 more 2026-07-18 7.5 High
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
CVE-2026-40469 2 Gnu, Redhat 2 Gawk, Hummingbird 2026-07-17 2.8 Low
Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below.
CVE-2026-57108 2 Microsoft, Redhat 2 .net, Hummingbird 2026-07-17 7.5 High
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-50650 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.8 High
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50649 2 Microsoft, Redhat 3 .net, Visual Studio 2026, Hummingbird 2026-07-17 7.8 High
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
CVE-2026-50648 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50646 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.8 High
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
CVE-2026-50528 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.2 High
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50527 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50526 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7 High
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-50525 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-56170 2 Microsoft, Redhat 2 .net, Hummingbird 2026-07-17 7.5 High
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-50524 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-47303 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.8 High
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47302 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-47300 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.8 High
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-16118 1 Redhat 1 Enterprise Linux 2026-07-17 7.1 High
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption.
CVE-2026-16072 1 Redhat 4 Build Keycloak, Jboss Data Grid, Jbosseapxp and 1 more 2026-07-17 4.9 Medium
A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization.
CVE-2026-16108 1 Redhat 4 Build Keycloak, Jboss Data Grid, Jbosseapxp and 1 more 2026-07-17 4.3 Medium
A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and identifiers of hidden default groups, even if they lack the specific permissions to view those groups. This can lead to the exposure of sensitive organizational structures or internal group names.