Search Results (16512 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4727 1 Redhat 6 Certificate System Eus, Enterprise Linux, Rhel Aus and 3 more 2026-06-26 7.5 High
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
CVE-2024-2199 1 Redhat 4 Directory Server, Directory Server E4s, Enterprise Linux and 1 more 2026-06-26 5.7 Medium
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
CVE-2025-31181 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-26 6.2 Medium
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.
CVE-2024-49395 3 Mutt, Neomutt, Redhat 3 Mutt, Neomutt, Enterprise Linux 2026-06-26 5.3 Medium
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
CVE-2024-49394 3 Mutt, Neomutt, Redhat 3 Mutt, Neomutt, Enterprise Linux 2026-06-26 5.3 Medium
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
CVE-2024-49393 3 Mutt, Neomutt, Redhat 3 Mutt, Neomutt, Enterprise Linux 2026-06-26 6.5 Medium
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
CVE-2024-52337 1 Redhat 9 Enterprise Linux, Rhel Aus, Rhel E4s and 6 more 2026-06-26 5.5 Medium
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
CVE-2024-52336 1 Redhat 1 Enterprise Linux 2026-06-26 7.8 High
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-9050 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-25 7.8 High
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.
CVE-2025-31179 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.
CVE-2025-31178 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31177 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 5.5 Medium
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
CVE-2025-31180 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.
CVE-2025-31176 2 Gnuplot, Redhat 2 Gnuplot, Enterprise Linux 2026-06-25 6.2 Medium
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.
CVE-2026-11820 1 Redhat 2 Community.general, Enterprise Linux 2026-06-25 6.5 Medium
A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials (api_key and api_secret) into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web server access logs, proxy logs, HTTP Referer headers, and network monitoring tools, despite the Ansible argument specification marking these parameters as no_log. An attacker with access to any of these logging or monitoring points can obtain the full API credentials and gain unauthorized access to the victim's Vonage/Nexmo account.
CVE-2026-12725 2 Dnsmasq, Redhat 4 Dnsmasq, Enterprise Linux, Openshift and 1 more 2026-06-24 5.9 Medium
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.
CVE-2026-12549 2 Libsoup, Redhat 2 Libsoup, Enterprise Linux 2026-06-24 4.8 Medium
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.
CVE-2026-3832 2 Gnu, Redhat 9 Gnutls, Discovery, Enterprise Linux and 6 more 2026-06-24 3.7 Low
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.
CVE-2026-12969 2 Dnsmasq, Redhat 4 Dnsmasq, Enterprise Linux, Openshift and 1 more 2026-06-24 5.3 Medium
An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions.
CVE-2026-11819 1 Redhat 2 Community.general, Enterprise Linux 2026-06-24 5.5 Medium
Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into result["passphrase"] with no output suppression, no no_log protection, and no documentation warning. Root Cause: Line 105 (protected): keyring_password=dict(type="str", required=True, no_log=True) Line 127 (NOT protected): result["passphrase"] = passphrase Observed Output: { "changed": false, "passphrase": "MyMasterP@ssw0rd!SSH_Key_Secret" } Visible via register + debug: { "keyring_result": { "changed": false, "passphrase": "MyMasterP@ssw0rd!SSH_Key_Secret" } } Impact: Master passwords, SSH key passphrases and service credentials appear in all Ansible output register: keyring_result followed by debug: var=keyring_result prints passphrase in full Ansible fact caching backends (Redis, JSON file, memcached) may persist the passphrase AWX/Tower job logs silently store the live credential Fix: module.exit_json(changed=False, passphrase=passphrase, _ansible_no_log=True) Also add a documentation warning requiring callers to use no_log: true at the task level. PoCs Fig 1: PoC execution showing passphrase in plaintext output Fig 2: Source code showing no_log=True on input (line 105) vs unprotected output (line 127)