Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 81
Exploited in wild: 26
Severity breakdown: CRITICAL 153, HIGH 578, MEDIUM 841, LOW 166

Vulnerabilities

Page 1 of 87
CVE-2026-35091 | HIGH | CVSS 8.2 | v7.0, v8.0, +2 more | 2026-04-01
[CWE-253] A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory conte
Source: NVD
CVE-2026-35092 | HIGH | CVSS 7.5 | v7.0, v8.0, +2 more | 2026-04-01
[CWE-190] A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use
Source: NVD
CVE-2026-5119 | MEDIUM | CVSS 5.9 | v7.0, v8.0, +2 more | 2026-03-30
[CWE-319] A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Source: NVD
CVE-2026-28368 | HIGH | CVSS 8.7 | v9.0 | 2026-03-27
[CWE-444] A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unaut
Source: NVD
CVE-2026-28369 | HIGH | CVSS 8.7 | v9.0 | 2026-03-27
[CWE-444] A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker t
Source: NVD
CVE-2026-0968 | CRITICAL | CVSS 9.8 | v9.0, v10.0 | 2026-03-26
[CWE-476] A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of
Source: NVD
CVE-2026-2272 | MEDIUM | CVSS 4.3 | v6.0, v7.0, +2 more | 2026-03-26
[CWE-190] A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote att
Source: NVD
CVE-2026-0967 | MEDIUM | CVSS 5.5 | v9.0, v10.0 | 2026-03-26
[CWE-1333] A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the cli
Source: NVD
CVE-2026-0965 | LOW | CVSS 3.3 | v9.0, v10.0 | 2026-03-26
[CWE-73] A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or
Source: NVD
CVE-2026-2239 | LOW | CVSS 2.8 | v7.0, v8.0, +1 more | 2026-03-26
[CWE-170] A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploit
Source: NVD
CVE-2026-3260 | MEDIUM | CVSS 5.9 | v8.0, v9.0, +1 more | 2026-03-24
[CWE-770] A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentia
Source: NVD
CVE-2026-4647 | MEDIUM | CVSS 6.1 | v6.0, v7.0, +3 more | 2026-03-23
[CWE-125] A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds.
Source: NVD
CVE-2026-4271 | MEDIUM | CVSS 5.3 | v6.0, v7.0, +3 more | 2026-03-17
[CWE-416] A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already b
Source: NVD
CVE-2026-3632 | LOW | CVSS 3.9 | v6.0, v7.0, +3 more | 2026-03-17
[CWE-1286] A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legiti
Source: NVD
CVE-2026-3633 | LOW | CVSS 3.9 | v6.0, v7.0, +3 more | 2026-03-17
[CWE-93] A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially
Source: NVD
CVE-2026-3634 | LOW | CVSS 3.9 | v6.0, v7.0, +3 more | 2026-03-17
[CWE-93] A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP head
Source: NVD
CVE-2026-3441 | MEDIUM | CVSS 6.1 | v6.0, v7.0, +3 more | 2026-03-16
[CWE-125] A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an
Source: NVD
CVE-2026-3442 | MEDIUM | CVSS 6.1 | v6.0, v7.0, +3 more | 2026-03-16
[CWE-125] A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause t
Source: NVD
CVE-2026-3099 | MEDIUM | CVSS 5.8 | v6.0, v7.0, +3 more | 2026-03-12
[CWE-323] A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, th
Source: NVD
CVE-2025-12801 | MEDIUM | CVSS 6.5 | v6.0, v7.0, +3 more | 2026-03-04
[CWE-279] A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, a
Source: NVD