Red Hat Latest Vulnerabilities

November 19

Rejected CVE Due to Limited Impact

CVE-2024-1271
Red Hat

November 17

Attackers Can Steal Data by Exploiting Debezium Database Connector Vulnerability

CVE-2023-1419
Red Hat | Red Hat Build Of Debezium | 5.9 MEDIUM

November 14

Keycloak Package Vulnerability: LDAP Injection Flaw Discovered

CVE-2022-2232
Red Hat | Red Hat Single Sign-on 7 | 7.5 HIGH

November 12

Leakage of Bcc Email Header Field via Inference from Recipients Information

CVE-2024-49395
Red Hat | Red Hat Enterprise Lin... | 5.3 MEDIUM

Unsigned In-Reply-To Emails Vulnerability Allows Impersonation

CVE-2024-49394
Red Hat | Red Hat Enterprise Lin... | 5.3 MEDIUM

Email header validation vulnerability risk

CVE-2024-49393
Red Hat | Red Hat Enterprise Lin... | 5.9 MEDIUM

Ansible-Core Vulnerability Allows Bypass of Unsafe Content Protections

CVE-2024-11079
Red Hat | Red Hat Ansible Automa... | 5.5 MEDIUM

November 7

Pam_Access Vulnerability: Bypassing Access Restrictions through Token Manipulation

CVE-2024-10963
Red Hat | Red Hat Enterprise Lin... | 7.4 HIGH

Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism

CVE-2023-1973
Red Hat | Red Hat Jboss Enterpri... | 7.5 HIGH

HTML Injection Vulnerability in Hibernate Validator

CVE-2023-1932
Red Hat | A-MQ Clients 2 | 6.1 MEDIUM

October 31

Heap Corruption Vulnerability in mpg123 Could Lead to Arbitrary Code Execution

CVE-2024-10573
Red Hat | Red Hat Enterprise Lin... | 6.7 MEDIUM

Vulnerability in Foreman's Loader Macros Could Allow Sensitive Data Access

CVE-2024-8553
Red Hat | Red Hat Satellite 6.13... | 6.3 MEDIUM

October 30

X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation

CVE-2024-9632
Red Hat | Red Hat Enterprise Lin... | 7.8 HIGH

October 24

Unauthorized Access via Malformed Basic Authentication in APICast

CVE-2024-10295
Red Hat | Red Hat 3scale Api Man... | 7.5 HIGH

October 23

Pam: libpam: libpam vulnerable to read hashed password

CVE-2024-10041
Red Hat | Red Hat Enterprise Lin... | 4.7 MEDIUM

October 22

Graphql: denial of service (dos) vulnerability via graphql batching

CVE-2024-50311
Red Hat | Red Hat Openshift Cont... | 6.5 MEDIUM

Graphql: information disclosure via graphql introspection in openshift

CVE-2024-50312
Red Hat | Red Hat Openshift Cont... | 5.3 MEDIUM

Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible

CVE-2024-10234
Red Hat | Red Hat Build Of Keycloak | 7.3 HIGH

Networkmanager-libreswan: local privilege escalation via leftupdown

CVE-2024-9050
Red Hat | Red Hat Enterprise Lin... | 7.8 HIGH

October 17

Truncated Passwords Can Still Pose a Risk to Password Security

CVE-2024-9683
Red Hat | Red Hat Quay 3 | 4.8 MEDIUM

October 16

Aap-gateway: xss on aap-gateway

CVE-2024-10033
Red Hat | Red Hat Ansible Automa... | 6.1 MEDIUM

October 15

Podman Vulnerable to Symlink Traversal Attack

CVE-2024-9676
Red Hat | Red Hat Openshift Cont... | 6.5 MEDIUM

Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes

CVE-2024-9979
Red Hat | Red Hat Ansible Automa... | 5.3 MEDIUM

October 9

Low-Privilege Users Can Access Administrative Functionalities, Risking Data Breaches or System Compromise

CVE-2024-3656
Red Hat | Red Hat Build Of Keycloak | 8.1 HIGH

Buildah: buildah allows arbitrary directory mount

CVE-2024-9675
Red Hat | Red Hat Enterprise Lin... | 4.4 MEDIUM

October 8

Impact of HTTP Smuggling on Load Balancers and Systems

CVE-2024-9622
Red Hat | Red Hat Jboss Data Grid 7 | 5.3 MEDIUM

Quarkus CXF Vulnerability: Hidden Passwords and Secrets at Risk

CVE-2024-9621
Red Hat | Red Hat Build Of Apach... | 5.3 MEDIUM

Ansible Automation Platform vulnerability

CVE-2024-9620
Red Hat | Red Hat Ansible Automa... | 5.3 MEDIUM

October 1

Dockerfile Run --mount Vulnerability: Arbitrary File Modification

CVE-2024-9407
Red Hat | Red Hat Enterprise Lin... | 4.7 MEDIUM

Flaw in Go Container Runtimes Allows Attackers to Bypass Isolation

CVE-2024-9341
Red Hat | Red Hat Enterprise Lin... | 5.4 MEDIUM

Golang OpenSSL Vulnerability Affects FIPS Mode

CVE-2024-9355
Red Hat | Red Hat Enterprise Lin... | 6.5 MEDIUM

Log4j2 CVE Rejected

CVE-2024-8421
Red Hat | Rhodf-4.16-rhel-9

September 26

Cleartext View of Provider Passwords Vulnerability

CVE-2024-7259
Red Hat | Red Hat Virtualization 4 | 4.4 MEDIUM

September 20

QEMU Vendor Flaw Affects virtio-scsi, virtio-blk, and virtio-crypto Devices

CVE-2024-8612
Red Hat | Red Hat Enterprise Lin... | 3.8 LOW

September 19

Envoy Proxy Vulnerability Allows Header Manipulation and Request Forgery

CVE-2024-7207
Red Hat | Openshift Service Mesh 2 | 9.8 CRITICAL

Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information

CVE-2024-8883
Red Hat | Red Hat Build Of Keycloak | 6.1 MEDIUM

Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks

CVE-2024-8698
Red Hat | Red Hat Build Of Keycloak | 7.7 HIGH

QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service

CVE-2024-8354
Red Hat | Red Hat Enterprise Lin... | 5.5 MEDIUM

PCP Vulnerability: High-Level Privileges for Compromised System Accounts

CVE-2024-45770
Red Hat | Red Hat Enterprise Lin... | 4.4 MEDIUM

PCP Vulnerability Could Lead to System Misbehavior or Crash

CVE-2024-45769
Red Hat | Red Hat Enterprise Lin... | 5.5 MEDIUM

September 17

Openshift Builder Vulnerability: Command Injection via Path Traversal

CVE-2024-7387
Red Hat | Red Hat Openshift Cont... | 9.1 CRITICAL

Unrestricted Access via Crafted .gitconfig File in OpenShift Build Process

CVE-2024-45496
Red Hat | Red Hat Openshift Cont... | 9.9 CRITICAL

September 14

Ansible Vault Flaw Exposes Sensitive Information in Plaintext

CVE-2024-8775
Red Hat | Red Hat Ansible Automa... | 5.5 MEDIUM

September 10

Keycloak: amount of attributes per object is not limited and it may lead to dos

CVE-2023-6841
Red Hat | Red Hat Build Of Quarkus | 7.5 HIGH

Heap-based buffer overflow vulnerability in libopensc OpenPGP driver could lead to arbitrary code execution

CVE-2024-8443
Red Hat | Red Hat Enterprise Lin... | 2.9 LOW

September 9

Session Fixation Vulnerability in Keycloak SAML Adapters

CVE-2024-7341
Red Hat | Red Hat Build Of Keycloak | 7.1 HIGH

Vulnerability in FreeOTP Allows Attackers to Abuse System and Compromise Accounts

CVE-2024-7318
Red Hat | Red Hat Build Of Keycl... | 4.8 MEDIUM

Keycloak Open Redirect Vulnerability Could Lead to Phishing Attacks

CVE-2024-7260
Red Hat | Red Hat Build Of Keycloak | 6.1 MEDIUM

September 6

Forklift Controller Vulnerability: Missing Authorization Header Security

CVE-2024-8509
Red Hat | Migration Toolkit For ... | 7.5 HIGH

September 5

Insufficient Fix for Server Crash Vulnerability in 389-ds-base

CVE-2024-8445
Red Hat | Red Hat Enterprise Lin... | 5.7 MEDIUM

September 4

Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service

CVE-2024-8418
Red Hat | Red Hat Enterprise Lin... | 7.5 HIGH

Foreman Authentication Bypass Vulnerability

CVE-2024-7012
Red Hat | Red Hat Satellite 6.13... | 9.8 CRITICAL

Pulpcore Authentication Bypass Vulnerability Affects Satellite Deployments

CVE-2024-7923
Red Hat | Red Hat Satellite 6.13... | 9.8 CRITICAL

September 3

Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

CVE-2024-45617
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW

Libopensc: incorrect handling of the length of buffers or files in pkcs15init

CVE-2024-45620
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW

Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

CVE-2024-45615
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW

CVE-2024-45619
Red Hat | Enterprise Linux | 4.3 MEDIUM

Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

CVE-2024-45618
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW

Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc

CVE-2024-45616
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW

Keycloak: potential bypass of brute force protection

CVE-2024-4629
Red Hat | Red Hat Build Of Keycloak | 6.5 MEDIUM

August 30

Kroxylicious TLS Connection Flaw: High Complexity Attack with Data Integrity and Confidentiality Impact

CVE-2024-8285
Red Hat | Streams For Apache Kafka | 5.9 MEDIUM

Crash of virtinterfaced Daemon Due to NULL Pointer Dereference

CVE-2024-8235
Red Hat | Red Hat Enterprise Lin... | 6.2 MEDIUM

August 21

Undertow ProxyProtocolReadListener Vulnerability

CVE-2024-7885
Red Hat | Red Hat Build Of Apach... | 7.5 HIGH

OpenStack Platform Vulnerability Exposes Containers to MITM Attacks

CVE-2024-8007
Red Hat | Red Hat Openstack Plat... | 8.1 HIGH

Insufficient Entropy Vulnerability in Red Hat Openshift Console Allows CSRF Attacks

CVE-2024-6508
Red Hat | Red Hat Openshift Cont... | 8 HIGH

August 12

Unauthorized Command Execution via Host Registration

CVE-2024-7700
Red Hat | Red Hat Satellite 6 | 6.5 MEDIUM

Libtiff: null pointer dereference in tif_dirinfo.c

CVE-2024-7006
Red Hat | Red Hat Enterprise Lin... | 7.5 HIGH

Segmentation Fault Vulnerability in Unbound's ub_ctx_set_fwd Function

CVE-2024-43167
Red Hat | Red Hat Enterprise Lin... | 2.8 LOW

Authentication Bypass and Privilege Escalation Vulnerability in OpenShift AI

CVE-2024-7557
Red Hat | Red Hat Openshift Ai (... | 8.8 HIGH

Unbound: heap-buffer-overflow in unbound

CVE-2024-43168
Red Hat | Red Hat Enterprise Lin... | 4.8 MEDIUM

Fence Agents Vulnerability can lead to Privilege Escalation

CVE-2024-5651
Red Hat | Fence Agents Remediati... | 8.8 HIGH

August 7

Flaw in Pulp Package Allows Oldest User with Task Permissions to Control Object Creation

CVE-2024-7143
Red Hat | Red Hat Ansible Automa... | 8.3 HIGH

August 5

QEMU NBD Server Vulnerability: DoS Attack via Socket Closure

CVE-2024-7409
Red Hat | Red Hat Enterprise Lin...

libnbd TLS Verification Vulnerability Allows Man-in-the-Middle Attack

CVE-2024-7383
Red Hat | Red Hat Enterprise Lin... | 7.4 HIGH

August 2

Podman Vulnerability Leads to Memory-Based Denial of Service

CVE-2024-3056
Red Hat | Red Hat Enterprise Lin... | 7.7 HIGH

July 26

Openshift Console Flaw Allows Data Exposure Without Proper Credential Verification

CVE-2024-7128
Red Hat | Red Hat Openshift Cont... | 5.3 MEDIUM

July 24

Unauthorized Access to /API/helm/verify Endpoint in Openshift

CVE-2024-7079
Red Hat | Red Hat Openshift Cont... | 6.5 MEDIUM

July 17

Static Cookie Secret Vulnerability in Skupper

CVE-2024-6535
Red Hat | Red Hat Service Interc... | 5.3 MEDIUM

July 16

Gtk3: gtk2: library injection from cwd

CVE-2024-6655
Red Hat | Red Hat Enterprise Lin... | 7 HIGH

July 13

OpenJPEG Vulnerability Leads to Terminal Looping

CVE-2023-39327
Red Hat | Red Hat Enterprise Lin... | 4.3 MEDIUM

Denial of Service Flaw in OpenJPEG Opj_t1_decode_cblks Function

CVE-2023-39329
Red Hat | Red Hat Enterprise Lin... | 6.5 MEDIUM

July 9

389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request

CVE-2024-6237
Red Hat | Red Hat Directory Serv... | 6.5 MEDIUM

Openjpeg: denial of service via crafted image file

CVE-2023-39328
Red Hat | Red Hat Enterprise Lin... | 5.5 MEDIUM

July 8

Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks

CVE-2024-3653
Red Hat | Red Hat Jboss Enterpri... | 5.3 MEDIUM

Undertow Vulnerability Leads to Denial of Service Attack

CVE-2024-5971
Red Hat | Red Hat Build Of Apach... | 7.5 HIGH

Signal Handler Race Condition Vulnerability in OpenSSH sshd

CVE-2024-6409
Red Hat | Red Hat Enterprise Lin... | 7 HIGH

July 5

Heap Overflow Vulnerability in QEMU's virtio-net Device

CVE-2024-6505
Red Hat | Red Hat Enterprise Lin... | 6.8 MEDIUM

July 3

Cockpit Package Vulnerability Leads to Denial of Service Attack

CVE-2024-6126
Red Hat | Red Hat Enterprise Lin... | 3.2 LOW

July 2

QEMU qemu-img Vulnerability: Memory or CPU Consumption Denial of Service

CVE-2024-4467
Red Hat | Advanced Virtualizatio... | 7.8 HIGH

July 1

Signal Handler Race Condition in OpenSSH's Server

CVE-2024-6387
Red Hat | Red Hat Enterprise Lin... | 8.1 HIGH

June 21

Pdfinfo Utility Vulnerable to Denial of Service Attack

CVE-2024-6239
Red Hat | Red Hat Enterprise Lin... | 7.5 HIGH

June 20

Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken

CVE-2024-6162
Red Hat | Eap 8.0.1 | 7.5 HIGH

June 18

LDAP Endpoint Vulnerability Allows Credentials Leakage

CVE-2024-5967
Red Hat | Red Hat Build Of Keycloak | 2.7 LOW

Denial of Service Vulnerability in 389-ds-base LDAP Server

CVE-2024-5953
Red Hat | Red Hat Directory Serv... | 5.7 MEDIUM

June 12

Quay: unauthorized user may authenticate via oauth application token

CVE-2024-5891
Red Hat | Red Hat Quay 3 | 4.2 MEDIUM

GNU Nano Vulnerability Allows Privilege Escalation Through Insecure Temporary File

CVE-2024-5742
Red Hat | Red Hat Enterprise Lin... | 6.7 MEDIUM

Keycloak CSRF Flaw Allows Attackers to Trick Users into Authenticating with Malicious Accounts

CVE-2024-5203
Red Hat | Red Hat Build Of Keycloak

Container Orchestration Flaw Allows Arbitrary File Access

CVE-2024-5154
Red Hat | Red Hat Openshift Cont... | 8.1 HIGH

FreeIPA Vulnerability Allows Brute Force Attacks on Principal Passwords

CVE-2024-3183
Red Hat | Red Hat Enterprise Lin... | 8.1 HIGH

Missing condition for granting 'forwardable' flag on S4U2Self tickets

CVE-2024-2698
Red Hat | Red Hat Enterprise Lin... | 8.8 HIGH