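This page lists the published CVEs that affect redhat update_infrastructure (associated via NVD CPE matching). Each row includes severity metrics, a summary, and the publication date.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |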
|---|---|---|---|---|---|---|
| CVE-2026-48864 | A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. | [email protected] | 7.8 | 0.16% | 2026-05-26 | 2026-06-23 |
| CVE-2026-9149 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS). | [email protected] | 6.5 | 0.27% | 2026-05-20 | 2026-06-26 |
| CVE-2026-9150 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system. | [email protected] | 6.5 | 0.35% | 2026-05-20 | 2026-06-29 |
| CVE-2023-50782 | A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | [email protected] | 7.5 | 1.11% | 2024-02-05 | 2026-06-17 |
| CVE-2023-50781 | A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | [email protected] | 7.5 | 1.11% | 2024-02-05 | 2026-06-17 |
| CVE-2022-3644 | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | [email protected] | 5.5 | 0.28% | 2022-10-25 | 2026-06-17 |
| CVE-2013-4518 | RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates | [email protected] | 5.5 | 0.26% | 2019-11-04 | 2026-06-16 |