Codeready Linux Builder

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-13601 HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.

Buffer Overflow Enterprise Linux For Power Little Endian Eus Enterprise Linux Server For Power Little Endian Enterprise Linux Server For Power Little Endian Eus Discovery +27
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-3155 HIGH POC PATCH This Week

A flaw was found in Yelp. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Yelp Debian Linux Codeready Linux Builder Codeready Linux Builder For Arm64 +19
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2025-2784 HIGH POC PATCH This Week

A flaw was found in libsoup. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libsoup Codeready Linux Builder Codeready Linux Builder For Arm64 +20
NVD
CVSS 3.1
7.0
EPSS
2.1%
CVE-2023-5455 MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux For Arm 64 Eus +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-13601
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.

Buffer Overflow Enterprise Linux For Power Little Endian Eus Enterprise Linux Server For Power Little Endian +29
NVD
CVE-2025-3155
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

A flaw was found in Yelp. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Yelp Debian Linux +21
NVD GitHub
CVE-2025-2784
EPSS 2% CVSS 7.0
HIGH POC PATCH This Week

A flaw was found in libsoup. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libsoup +22
NVD
CVE-2023-5455
EPSS 0% CVSS 6.5
MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian +19
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy