Redhat Enterprise Linux vulnerabilities

CVE-2025-9572 [MEDIUM] CWE-863 CVE-2025-9572: n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

CVE-2026-26103 [HIGH] CWE-862 CVE-2026-26103: A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for res A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys an

CVE-2026-26104 [MEDIUM] CWE-862 CVE-2026-26104: A flaw was found in the udisks storage management daemon that allows unprivileged users to back up L A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to at

CVE-2026-2443 [MEDIUM] CWE-125 CVE-2026-2443: A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires

CVE-2026-1709 [CRITICAL] CWE-322 CVE-2026-1709: A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-si A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TP

CVE-2026-1801 [MEDIUM] CWE-444 CVE-2026-1801: A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerabilit A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attac

CVE-2026-1536 [MEDIUM] CWE-93 CVE-2026-1536: A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition heade A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to

CVE-2026-1539 [MEDIUM] CWE-201 CVE-2026-1539: A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be s A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be l

CVE-2026-1467 [MEDIUM] CWE-93 CVE-2026-1467: A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Ret A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allo

CVE-2025-14512 [MEDIUM] CWE-190 CVE-2025-14512: A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (Do A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CVE-2025-14087 [MEDIUM] CWE-190 CVE-2025-14087: A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corr A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

CVE-2025-9784 [HIGH] CWE-770 CVE-2025-9784: A flaw was found in Undertow where malformed client requests can trigger server-side stream resets w A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implem

CVE-2025-8283 [LOW] CWE-15 CVE-2025-8283: A vulnerability was found in the netavark package, a network stack for containers used with Podman. A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's

CVE-2025-7519 [MEDIUM] CWE-787 CVE-2025-7519: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy f

CVE-2025-7424 [HIGH] CWE-843 CVE-2025-7424: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet an A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

CVE-2025-32990 [MEDIUM] CWE-122 CVE-2025-32990: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing lo A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash t

CVE-2025-32988 [MEDIUM] CWE-415 CVE-2025-32988: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition wh

CVE-2025-32989 [MEDIUM] CWE-295 CVE-2025-32989: A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transpare A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This iss

CVE-2025-5372 [MEDIUM] CWE-682 CVE-2025-5372: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fai

CVE-2025-5351 [MEDIUM] CWE-415 CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue occurs in the internal functio A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition m