Export limit exceeded: 363202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-32912 1 Redhat 1 Enterprise Linux 2026-06-30 6.5 Medium
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.
CVE-2025-32909 1 Redhat 1 Enterprise Linux 2026-06-30 5.3 Medium
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
CVE-2025-32910 1 Redhat 1 Enterprise Linux 2026-06-30 6.5 Medium
A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
CVE-2025-32907 1 Redhat 3 Enterprise Linux, Rhel E4s, Rhel Eus 2026-06-30 5.3 Medium
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
CVE-2025-32053 1 Redhat 2 Enterprise Linux, Rhel Eus 2026-06-30 6.5 Medium
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
CVE-2025-32052 1 Redhat 2 Enterprise Linux, Rhel Eus 2026-06-30 6.5 Medium
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2025-32050 1 Redhat 2 Enterprise Linux, Rhel Eus 2026-06-30 5.9 Medium
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2025-32051 1 Redhat 1 Enterprise Linux 2026-06-30 5.9 Medium
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
CVE-2025-32049 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 7.5 High
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-49795 1 Redhat 3 Enterprise Linux, Hummingbird, Jboss Core Services 2026-06-30 7.5 High
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
CVE-2025-3576 1 Redhat 8 Discovery, Enterprise Linux, Openshift and 5 more 2026-06-30 5.9 Medium
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
CVE-2025-2784 2 Gnome, Redhat 26 Libsoup, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 23 more 2026-06-30 7 High
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVE-2024-11831 1 Redhat 34 Acm, Advanced Cluster Security, Ansible Automation Platform and 31 more 2026-06-29 5.4 Medium
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
CVE-2025-14104 1 Redhat 6 Ceph Storage, Enterprise Linux, Hummingbird and 3 more 2026-06-29 6.1 Medium
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
CVE-2025-14087 2 Gnome, Redhat 14 Glib, Ai Inference Server, Discovery and 11 more 2026-06-29 5.6 Medium
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
CVE-2025-13193 1 Redhat 1 Enterprise Linux 2026-06-29 5.5 Medium
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.
CVE-2025-12748 1 Redhat 1 Enterprise Linux 2026-06-29 5.5 Medium
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
CVE-2025-0690 1 Redhat 2 Enterprise Linux, Openshift 2026-06-29 6.1 Medium
The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.
CVE-2026-12505 1 Redhat 4 Cifs-utils, Enterprise Linux, Openshift and 1 more 2026-06-29 7.8 High
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system.
CVE-2023-32255 1 Redhat 1 Enterprise Linux 2026-06-29 5.3 Medium
A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion.