Search Results (59 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-5419 2 Gnu, Redhat 11 Gnutls, Discovery, Enterprise Linux and 8 more 2026-07-15 3.7 Low
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
CVE-2026-42015 1 Redhat 13 Discovery, Enterprise Linux, Enterprise Linux Eus and 10 more 2026-07-15 5.3 Medium
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
CVE-2026-42014 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-07-15 6.6 Medium
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
CVE-2026-42013 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-07-15 8.2 High
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
CVE-2026-42012 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-07-15 7.1 High
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
CVE-2026-5260 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-07-15 8.2 High
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
CVE-2026-4878 2 Libcap Project, Redhat 18 Libcap, Ai Inference Server, Cost Management and 15 more 2026-07-15 6.7 Medium
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
CVE-2026-48864 2 Opensuse, Redhat 9 Libsolv, Enterprise Linux, Hardened Images and 6 more 2026-07-14 7.8 High
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
CVE-2026-6845 2 Gnu, Redhat 6 Binutils, Enterprise Linux, Hardened Images and 3 more 2026-07-13 5 Medium
A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.
CVE-2026-6846 3 Gnu, Iputils, Redhat 7 Binutils, Iputils, Enterprise Linux and 4 more 2026-07-13 7.8 High
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.
CVE-2026-42009 2 Gnu, Redhat 26 Gnutls, Ai Inference Server, Discovery and 23 more 2026-07-13 7.5 High
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
CVE-2026-42010 2 Gnu, Redhat 15 Gnutls, Ai Inference Server, Discovery and 12 more 2026-07-13 7.1 High
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
CVE-2026-13757 2 P11-kit Project, Redhat 6 P11-kit, Enterprise Linux, Hardened Images and 3 more 2026-07-13 6.2 Medium
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.
CVE-2026-55655 2 Openssh, Redhat 6 Openssh, Enterprise Linux, Hardened Images and 3 more 2026-07-08 5 Medium
A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.
CVE-2026-55654 2 Openssh, Redhat 6 Openssh, Enterprise Linux, Hardened Images and 3 more 2026-07-08 3.7 Low
A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.
CVE-2026-55653 2 Openssh, Redhat 6 Openssh, Enterprise Linux, Hardened Images and 3 more 2026-07-08 4.3 Medium
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
CVE-2026-2100 2 P11-kit Project, Redhat 8 P11-kit, Cost Management, Enterprise Linux and 5 more 2026-07-07 5.3 Medium
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
CVE-2026-33846 2 Gnu, Redhat 16 Gnutls, Ai Inference Server, Discovery and 13 more 2026-07-06 7.5 High
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
CVE-2026-33845 2 Gnu, Redhat 16 Gnutls, Ai Inference Server, Discovery and 13 more 2026-07-06 7.5 High
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
CVE-2026-56211 2 Aomedia, Redhat 7 Libaom, Ai Inference Server, Enterprise Linux and 4 more 2026-07-03 7.1 High
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures. In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding enabled and accept attacker-supplied video frames.