Redhat Enterprise Linux vulnerabilities

CVE-2026-4948 [MEDIUM] CWE-279 CVE-2026-4948: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-autho A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security config

CVE-2026-2100 [HIGH] CWE-824 CVE-2026-2100: A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_Der A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior.

CVE-2026-2436 [HIGH] CWE-825 CVE-2026-2436: A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerabi A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server c

CVE-2026-0966 [HIGH] CWE-124 CVE-2026-0966: A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service w A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful ex

CVE-2026-2272 [MEDIUM] CWE-190 CVE-2026-2272: A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote att

CVE-2026-0964 [MEDIUM] CVE-2026-0964: A malicious SCP server can send unexpected paths that could make the client application override loc A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

CVE-2026-2239 [MEDIUM] CWE-170 CVE-2026-2239: A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string funct A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully expl

CVE-2026-4897 [MEDIUM] CWE-770 CVE-2026-4897: A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessiv A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

CVE-2026-0967 [MEDIUM] CWE-1333 CVE-2026-0967: A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_ho A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the cli

CVE-2026-0968 [LOW] CWE-476 CVE-2026-0968: A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of servi

CVE-2026-0965 [LOW] CWE-73 CVE-2026-0965: A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or

CVE-2026-4775 [HIGH] CWE-190 CVE-2026-4775: A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow v A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) o

CVE-2026-3260 [HIGH] CWE-770 CVE-2026-3260: A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentiall

CVE-2026-1940 [HIGH] CVE-2026-1940: An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() funct An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

CVE-2026-4647 [MEDIUM] CWE-125 CVE-2026-4647: A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds.

CVE-2026-4424 [HIGH] CWE-125 CVE-2026-4424: A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory

CVE-2026-4426 [MEDIUM] CWE-1335 CVE-2026-4426: A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompressi A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential applicat

CVE-2026-4271 [HIGH] CWE-416 CVE-2026-4271: A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Us A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already bee

CVE-2026-3632 [MEDIUM] CWE-1286 CVE-2026-3632: A flaw was found in libsoup, a library used by applications to send network requests. This vulnerabi A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside leg

CVE-2026-3633 [MEDIUM] CWE-93 CVE-2026-3633: A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_mes A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potential