Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Els
Subscriptions
Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24213 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | 7.8 High |
| This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. A type confusion issue could lead to memory corruption. | ||||
| CVE-2025-24209 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2025-11-03 | 7 High |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-24208 | 2 Apple, Redhat | 9 Ipados, Iphone Os, Safari and 6 more | 2025-11-03 | 6.1 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. | ||||
| CVE-2025-24162 | 2 Apple, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2025-11-03 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-24158 | 2 Apple, Redhat | 9 Ipados, Iphone Os, Macos and 6 more | 2025-11-03 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service. | ||||
| CVE-2025-24150 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | 8.8 High |
| A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection. | ||||
| CVE-2025-24143 | 2 Apple, Redhat | 6 Ipados, Macos, Safari and 3 more | 2025-11-03 | 6.5 Medium |
| The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2025-1938 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 6.5 Medium |
| Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1937 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 7.5 High |
| Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1936 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 7.3 High |
| jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1935 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 4.3 Medium |
| A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1934 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 6.5 Medium |
| It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1933 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 7.6 High |
| On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1932 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 8.1 High |
| An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1931 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 7.5 High |
| It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2025-1017 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 9.8 Critical |
| Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1016 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 9.8 Critical |
| Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1014 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 8.8 High |
| Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1013 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 6.5 Medium |
| A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1012 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-03 | 9.8 Critical |
| A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||