Red Hat Latest Vulnerabilities

December 24

Vulnerability in Skupper Console Exposes Sensitive Data and Impacts Resource Availability

CVE-2024-12582

Red HatRed Hat Service Interc...7.1HIGH

December 20

Server-Side Request Forgery Vulnerability in Red Hat Satellite

CVE-2024-12840

Red Hat5MEDIUM

December 18

Incomplete Protection in Rapid Reset for Red Hat's ose-olm-catalogd-container

CVE-2024-12698

Red Hat6.5MEDIUM

December 17

Keycloak Vulnerability Exposes Sensitive Information via Unsecured JGroups Configuration

CVE-2024-10973

Red Hat5.7MEDIUM

Vulnerability in Open Cluster Management Impacting Cluster-Manager Deployments

CVE-2024-9779

Red Hat7.5HIGH

December 12

Cert-Manager Vulnerability Permits CPU-Based DoS Attack

CVE-2024-12401

Red HatCert-manager Operator ...4.4MEDIUM

Cookies vulnerability could lead to unauthorized data access or modification

CVE-2024-12397

Red HatCryostat 37.4HIGH

December 9

Authorization Code Injection Vulnerability in RH SSO OIDC Adapter

CVE-2024-12369

Red HatRed Hat Build Of Keycloak4.2MEDIUM

November 26

Log Spoofing Flaw Found in Tuned Package

CVE-2024-52337

Red HatRed Hat Enterprise Lin...5.5MEDIUM

Local Privilege Escalation Vulnerability in Tuned

CVE-2024-52336

Red HatRed Hat Enterprise Lin...7.8HIGH

November 25

Arbitrary HTTP Requests via /api/dev-console/proxy/internet Endpoint

CVE-2024-6538

Red Hat5.3MEDIUM

November 19

Rejected CVE Due to Limited Impact

CVE-2024-1271

Red Hat

November 17

Scope Deletion Vulnerability Affects OpenStack Security

CVE-2023-6110

Red HatRed Hat Openstack Plat...5.5MEDIUM

Attackers Can Steal Data by Exploiting Debezium Database Connector Vulnerability

CVE-2023-1419

Red HatRed Hat Build Of Debezium5.9MEDIUM

November 14

Keycloak Package Vulnerability: LDAP Injection Flaw Discovered

CVE-2022-2232

Red HatRed Hat Single Sign-on 77.5HIGH

November 12

Leakage of Bcc Email Header Field via Inference from Recipients Information

CVE-2024-49395

Red HatRed Hat Enterprise Lin...5.3MEDIUM

Unsigned In-Reply-To Emails Vulnerability Allows Impersonation

CVE-2024-49394

Red HatRed Hat Enterprise Lin...5.3MEDIUM

Email header validation vulnerability risk

CVE-2024-49393

Red HatRed Hat Enterprise Lin...5.9MEDIUM

Ansible-Core Vulnerability Allows Bypass of Unsafe Content Protections

CVE-2024-11079

Red HatRed Hat Ansible Automa...5.5MEDIUM

November 7

Pam_Access Vulnerability: Bypassing Access Restrictions through Token Manipulation

CVE-2024-10963

Red HatRed Hat Enterprise Lin...7.4HIGH

Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism

CVE-2023-1973

Red HatRed Hat Jboss Enterpri...7.5HIGH

HTML Injection Vulnerability in Hibernate Validator

CVE-2023-1932

Red HatA-MQ Clients 26.1MEDIUM

October 31

Heap Corruption Vulnerability in mpg123 Could Lead to Arbitrary Code Execution

CVE-2024-10573

Red HatRed Hat Enterprise Lin...6.7MEDIUM

Vulnerability in Foreman's Loader Macros Could Allow Sensitive Data Access

CVE-2024-8553

Red HatRed Hat Satellite 6.13...6.3MEDIUM

October 30

X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation

CVE-2024-9632

Red HatRed Hat Enterprise Lin...7.8HIGH

October 24

Unauthorized Access via Malformed Basic Authentication in APICast

CVE-2024-10295

Red HatRed Hat 3scale Api Man...7.5HIGH

October 23

Pam: libpam: libpam vulnerable to read hashed password

CVE-2024-10041

Red HatRed Hat Enterprise Lin...4.7MEDIUM

October 22

Graphql: denial of service (dos) vulnerability via graphql batching

CVE-2024-50311

Red HatRed Hat Openshift Cont...6.5MEDIUM

Graphql: information disclosure via graphql introspection in openshift

CVE-2024-50312

Red HatRed Hat Openshift Cont...5.3MEDIUM

Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible

CVE-2024-10234

Red HatRed Hat Build Of Keycloak6.1MEDIUM

Networkmanager-libreswan: local privilege escalation via leftupdown

CVE-2024-9050

Red HatRed Hat Enterprise Lin...7.8HIGH

October 17

Truncated Passwords Can Still Pose a Risk to Password Security

CVE-2024-9683

Red HatRed Hat Quay 35.3MEDIUM

October 16

Aap-gateway: xss on aap-gateway

CVE-2024-10033

Red HatRed Hat Ansible Automa...6.1MEDIUM

October 15

Podman Vulnerable to Symlink Traversal Attack

CVE-2024-9676

Red HatRed Hat Enterprise Lin...6.5MEDIUM

Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes

CVE-2024-9979

Red HatRed Hat Ansible Automa...5.3MEDIUM

October 9

System: pdf invoices of the developer users can be seen if the url is known

CVE-2024-9671

Red HatRed Hat 3scale Api Man...5.3MEDIUM

Buildah: buildah allows arbitrary directory mount

CVE-2024-9675

Red HatRed Hat Enterprise Lin...7.8HIGH

October 8

Impact of HTTP Smuggling on Load Balancers and Systems

CVE-2024-9622

Red HatRed Hat Jboss Data Grid 75.3MEDIUM

Quarkus CXF Vulnerability: Hidden Passwords and Secrets at Risk

CVE-2024-9621

Red HatRed Hat Build Of Apach...5.3MEDIUM

Ansible Automation Platform vulnerability

CVE-2024-9620

Red HatRed Hat Ansible Automa...5.3MEDIUM

October 1

Log4j2 CVE Rejected

CVE-2024-8421

Red HatRhodf-4.16-rhel-9

September 26

Cleartext View of Provider Passwords Vulnerability

CVE-2024-7259

Red HatRed Hat Virtualization 44.4MEDIUM

September 20

QEMU Vendor Flaw Affectsvirtio-scsi, virtio-blk, and virtio-crypto Devices

CVE-2024-8612

Red HatRed Hat Enterprise Lin...3.8LOW

September 19

Envoy Proxy Vulnerability Allows Header Manipulation and Request Forgery

CVE-2024-7207

Red HatOpenshift Service Mesh 29.8CRITICAL

Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information

CVE-2024-8883

Red HatRed Hat Build Of Keycloak6.1MEDIUM

Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks

CVE-2024-8698

Red HatRed Hat Build Of Keycloak👾7.7HIGH

QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service

CVE-2024-8354

Red HatRed Hat Enterprise Lin...5.5MEDIUM

PCP Vulnerability: High-Level Privileges for Compromised System Accounts

CVE-2024-45770

Red HatRed Hat Enterprise Lin...4.4MEDIUM

PCP Vulnerability Could Lead to System Misbehavior or Crash

CVE-2024-45769

Red HatRed Hat Enterprise Lin...5.5MEDIUM

September 17

Openshift Builder Vulnerability: Command Injection via Path Traversal

CVE-2024-7387

Red HatRed Hat Openshift Cont...9.1CRITICAL

Unrestricted Access via Crafted .gitconfig File in OpenShift Build Process

CVE-2024-45496

Red HatRed Hat Openshift Cont...9.9CRITICAL

September 14

Ansible Vault Flaw Exposes Sensitive Information in Plaintext

CVE-2024-8775

Red HatRed Hat Ansible Automa...5.5MEDIUM

September 10

Keycloak: amount of attributes per object is not limited and it may lead to dos

CVE-2023-6841

Red HatRed Hat Build Of Quarkus7.5HIGH

Heap-based buffer overflow vulnerability in libopensc OpenPGP driver could lead to arbitrary code execution

CVE-2024-8443

Red HatRed Hat Enterprise Lin...2.9LOW

September 9

Session Fixation Vulnerability in Keycloak SAML Adapters

CVE-2024-7341

Red HatRed Hat Build Of Keycloak7.1HIGH

Vulnerability in FreeOTP Allows Attackers to Abuse System and Compromise Accounts

CVE-2024-7318

Red HatRed Hat Build Of Keycl...4.8MEDIUM

Keycloak Open Redirect Vulnerability Could Lead to Phishing Attacks

CVE-2024-7260

Red HatRed Hat Build Of Keycloak6.1MEDIUM

September 6

Forklift Controller Vulnerability: Missing Authorization Header Security

CVE-2024-8509

Red HatMigration Toolkit For ...7.5HIGH

September 5

Insufficient Fix for Server Crash Vulnerability in 389-ds-base

CVE-2024-8445

Red HatRed Hat Enterprise Lin...5.7MEDIUM

September 4

Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service

CVE-2024-8418

Red HatRed Hat Enterprise Lin...7.5HIGH

Foreman Authentication Bypass Vulnerability

CVE-2024-7012

Red HatRed Hat Satellite 6.13...9.8CRITICAL

Pulpcore Authentication Bypass Vulnerability Affects Satellite Deployments

CVE-2024-7923

Red HatRed Hat Satellite 6.13...9.8CRITICAL

September 3

Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc

CVE-2024-45616

Red HatRed Hat Enterprise Lin...3.9LOW

CVE-2024-45619

Red HatEnterprise Linux4.3MEDIUM

Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

CVE-2024-45615

Red HatRed Hat Enterprise Lin...3.9LOW

Libopensc: incorrect handling of the length of buffers or files in pkcs15init

CVE-2024-45620

Red HatRed Hat Enterprise Lin...3.9LOW

Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

CVE-2024-45618

Red HatRed Hat Enterprise Lin...3.9LOW

Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

CVE-2024-45617

Red HatRed Hat Enterprise Lin...3.9LOW

August 30

Kroxylicious TLS Connection Flaw: High Complexity Attack with Data Integrity and Confidentiality Impact

CVE-2024-8285

Red HatStreams For Apache Kafka5.9MEDIUM

Crash of virtinterfaced Daemon Due to NULL Pointer Dereference

CVE-2024-8235

Red HatRed Hat Enterprise Lin...6.2MEDIUM

August 21

Undertow ProxyProtocolReadListener Vulnerability

CVE-2024-7885

Red HatRed Hat Build Of Apach...7.5HIGH

OpenStack Platform Vulnerability Exposes Containers to MITM Attacks

CVE-2024-8007

Red HatRed Hat Openstack Plat...8.1HIGH

Insufficient Entropy Vulnerability in Red Hat Openshift Console Allows CSRF Attacks

CVE-2024-6508

Red HatRed Hat Openshift Cont...8HIGH

August 12

Unauthorized Command Execution via Host Registration

CVE-2024-7700

Red HatRed Hat Satellite 66.5MEDIUM

Segmentation Fault Vulnerability in Unbound's ub_ctx_set_fwd Function

CVE-2024-43167

Red HatRed Hat Enterprise Lin...2.8LOW

Unbound: heap-buffer-overflow in unbound

CVE-2024-43168

Red HatRed Hat Enterprise Lin...4.8MEDIUM

Authentication Bypass and Privilege Escalation Vulnerability in OpenShift AI

CVE-2024-7557

Red HatRed Hat Openshift Ai (...8.8HIGH

Libtiff: null pointer dereference in tif_dirinfo.c

CVE-2024-7006

Red HatRed Hat Enterprise Lin...7.5HIGH

Fence Agents Vulnerability can lead to Privilege Escalation

CVE-2024-5651

Red HatFence Agents Remediati...8.8HIGH

August 7

Flaw in Pulp Package Allows Oldest User with Task Permissions to Control Object Creation

CVE-2024-7143

Red HatRed Hat Ansible Automa...8.3HIGH

August 5

QEMU NBD Server Vulnerability: DoS Attack via Socket Closure

CVE-2024-7409

Red HatRed Hat Enterprise Lin...

libnbd TLS Verification Vulnerability Allows Man-in-the-Middle Attack

CVE-2024-7383

Red HatRed Hat Enterprise Lin...7.4HIGH

July 26

Openshift Console Flaw Allows Data Exposure Without Proper Credential Verification

CVE-2024-7128

Red HatRed Hat Openshift Cont...5.3MEDIUM

July 24

Unauthorized Access to /API/helm/verify Endpoint in Openshift

CVE-2024-7079

Red HatRed Hat Openshift Cont...6.5MEDIUM

July 17

Static Cookie Secret Vulnerability in Skupper

CVE-2024-6535

Red HatRed Hat Service Interc...5.3MEDIUM

July 16

Gtk3: gtk2: library injection from cwd

CVE-2024-6655

Red HatRed Hat Enterprise Lin...7HIGH

July 13

Denial of Service Flaw in OpenJPEG Opj_t1_decode_cblks Function

CVE-2023-39329

Red HatRed Hat Enterprise Lin...6.5MEDIUM

OpenJPEG Vulnerability Leads to Terminal Looping

CVE-2023-39327

Red HatRed Hat Enterprise Lin...4.3MEDIUM

July 9

389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request

CVE-2024-6237

Red HatRed Hat Directory Serv...6.5MEDIUM

Openjpeg: denail of service via crafted image file

CVE-2023-39328

Red HatRed Hat Enterprise Lin...5.5MEDIUM

July 8

Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks

CVE-2024-3653

Red HatRed Hat Jboss Enterpri...5.3MEDIUM

Undertow Vulnerability Leads to Denial of Service Attack

CVE-2024-5971

Red HatRed Hat Build Of Apach...7.5HIGH

Signal Handler Race Condition Vulnerability in OpenSSH sshd

CVE-2024-6409

Red HatRed Hat Enterprise Lin...😄👾7HIGH

July 5

Heap Overflow Vulnerability in QEMU's virtio-net Device

CVE-2024-6505

Red HatRed Hat Enterprise Lin...6.8MEDIUM

July 3

Cockpit Package Vulnerability Leads to Denial of Service Attack

CVE-2024-6126

Red HatRed Hat Enterprise Lin...3.2LOW

July 2

QEMU qemu-img Vulnerability: Memory or CPU Consumption Denial of Service

CVE-2024-4467

Red HatAdvanced Virtualizatio...7.8HIGH

July 1

Signal Handler Race Condition in OpenSSH's Server

CVE-2024-6387

Red HatRed Hat Enterprise Lin...🔥😄👾8.1HIGH

June 21

Pdfinfo Utility Vulnerable to Denial of Service Attack

CVE-2024-6239

Red HatRed Hat Enterprise Lin...7.5HIGH

June 20

Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken

CVE-2024-6162

Red HatEap 8.0.17.5HIGH

June 18

LDAP Endpoint Vulnerability Allows Credentials Leakage

CVE-2024-5967

Red HatRed Hat Build Of Keycloak2.7LOW