Red Hat Latest Vulnerabilities
November 26
Log Spoofing Flaw Found in Tuned Package
CVE-2024-52337
Red Hat | Red Hat Enterprise Lin... | 5.5 MEDIUM
Local Privilege Escalation Vulnerability in Tuned
CVE-2024-52336
Red Hat | Red Hat Enterprise Lin... | 7.8 HIGH
November 25
Arbitrary HTTP Requests via /api/dev-console/proxy/internet Endpoint
CVE-2024-6538
Red Hat | 5.3 MEDIUM
November 19
Rejected CVE Due to Limited Impact
CVE-2024-1271
Red Hat
November 17
Scope Deletion Vulnerability Affects OpenStack Security
CVE-2023-6110
Red Hat | Red Hat Openstack Plat... | 5.5 MEDIUM
Attackers Can Steal Data by Exploiting Debezium Database Connector Vulnerability
CVE-2023-1419
Red Hat | Red Hat Build Of Debezium | 5.9 MEDIUM
November 14
Keycloak Package Vulnerability: LDAP Injection Flaw Discovered
CVE-2022-2232
Red Hat | Red Hat Single Sign-on 7 | 7.5 HIGH
November 12
Leakage of Bcc Email Header Field via Inference from Recipients Information
CVE-2024-49395
Red Hat | Red Hat Enterprise Lin... | 5.3 MEDIUM
Unsigned In-Reply-To Emails Vulnerability Allows Impersonation
CVE-2024-49394
Red Hat | Red Hat Enterprise Lin... | 5.3 MEDIUM
Email header validation vulnerability risk
CVE-2024-49393
Red Hat | Red Hat Enterprise Lin... | 5.9 MEDIUM
Ansible-Core Vulnerability Allows Bypass of Unsafe Content Protections
CVE-2024-11079
Red Hat | Red Hat Ansible Automa... | 5.5 MEDIUM
November 7
Pam_Access Vulnerability: Bypassing Access Restrictions through Token Manipulation
CVE-2024-10963
Red Hat | Red Hat Enterprise Lin... | 7.4 HIGH
Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism
CVE-2023-1973
Red Hat | Red Hat Jboss Enterpri... | 7.5 HIGH
HTML Injection Vulnerability in Hibernate Validator
CVE-2023-1932
Red Hat | A-MQ Clients 2 | 6.1 MEDIUM
October 31
Heap Corruption Vulnerability in mpg123 Could Lead to Arbitrary Code Execution
CVE-2024-10573
Red Hat | Red Hat Enterprise Lin... | 6.7 MEDIUM
Vulnerability in Foreman's Loader Macros Could Allow Sensitive Data Access
CVE-2024-8553
Red Hat | Red Hat Satellite 6.13... | 6.3 MEDIUM
October 30
X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation
CVE-2024-9632
Red Hat | Red Hat Enterprise Lin... | 7.8 HIGH
October 24
Unauthorized Access via Malformed Basic Authentication in APICast
CVE-2024-10295
Red Hat | Red Hat 3scale Api Man... | 7.5 HIGH
October 23
Pam: libpam: libpam vulnerable to read hashed password
CVE-2024-10041
Red Hat | Red Hat Enterprise Lin... | 4.7 MEDIUM
October 22
Graphql: information disclosure via graphql introspection in openshift
CVE-2024-50312
Red Hat | Red Hat Openshift Cont... | 5.3 MEDIUM
Graphql: denial of service (dos) vulnerability via graphql batching
CVE-2024-50311
Red Hat | Red Hat Openshift Cont... | 6.5 MEDIUM
Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible
CVE-2024-10234
Red Hat | Red Hat Build Of Keycloak | 6.1 MEDIUM
Networkmanager-libreswan: local privilege escalation via leftupdown
CVE-2024-9050
Red Hat | Red Hat Enterprise Lin... | 7.8 HIGH
October 17
Truncated Passwords Can Still Pose a Risk to Password Security
CVE-2024-9683
Red Hat | Red Hat Quay 3 | 5.3 MEDIUM
October 16
Aap-gateway: xss on aap-gateway
CVE-2024-10033
Red Hat | Red Hat Ansible Automa... | 6.1 MEDIUM
October 15
Podman Vulnerable to Symlink Traversal Attack
CVE-2024-9676
Red Hat | Red Hat Openshift Cont... | 6.5 MEDIUM
Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes
CVE-2024-9979
Red Hat | Red Hat Ansible Automa... | 5.3 MEDIUM
October 9
Low-Privilege Users Can Access Administrative Functionalities, Risking Data Breaches or System Compromise
CVE-2024-3656
Red Hat | Red Hat Build Of Keycloak | 8.1 HIGH
System: pdf invoices of the developer users can be seen if the url is known
CVE-2024-9671
Red Hat | Red Hat 3scale Api Man... | 5.3 MEDIUM
Buildah: buildah allows arbitrary directory mount
CVE-2024-9675
Red Hat | Red Hat Enterprise Lin... | 4.4 MEDIUM
October 8
Impact of HTTP Smuggling on Load Balancers and Systems
CVE-2024-9622
Red Hat | Red Hat Jboss Data Grid 7 | 5.3 MEDIUM
Quarkus CXF Vulnerability: Hidden Passwords and Secrets at Risk
CVE-2024-9621
Red Hat | Red Hat Build Of Apach... | 5.3 MEDIUM
Ansible Automation Platform vulnerability
CVE-2024-9620
Red Hat | Red Hat Ansible Automa... | 5.3 MEDIUM
October 1
Dockerfile Run --mount Vulnerability: Arbitrary File Modification
CVE-2024-9407
Red Hat | Red Hat Enterprise Lin... | 4.7 MEDIUM
Flaw in Go Container Runtimes Allows Attackers to Bypass Isolation
CVE-2024-9341
Red Hat | Red Hat Enterprise Lin... | 8.2 HIGH
Golang OpenSSL Vulnerability Affects FIPS Mode
CVE-2024-9355
Red Hat | Red Hat Enterprise Lin... | 6.5 MEDIUM
Log4j2 CVE Rejected
CVE-2024-8421
Red Hat | Rhodf-4.16-rhel-9
September 26
Cleartext View of Provider Passwords Vulnerability
CVE-2024-7259
Red Hat | Red Hat Virtualization 4 | 4.4 MEDIUM
September 20
QEMU Vendor Flaw Affects virtio-scsi, virtio-blk, and virtio-crypto Devices
CVE-2024-8612
Red Hat | Red Hat Enterprise Lin... | 3.8 LOW
September 19
Envoy Proxy Vulnerability Allows Header Manipulation and Request Forgery
CVE-2024-7207
Red Hat | Openshift Service Mesh 2 | 9.8 CRITICAL
Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information
CVE-2024-8883
Red Hat | Red Hat Build Of Keycloak | 6.1 MEDIUM
Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks
CVE-2024-8698
Red Hat | Red Hat Build Of Keycloak | 7.7 HIGH
QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service
CVE-2024-8354
Red Hat | Red Hat Enterprise Lin... | 5.5 MEDIUM
PCP Vulnerability: High-Level Privileges for Compromised System Accounts
CVE-2024-45770
Red Hat | Red Hat Enterprise Lin... | 4.4 MEDIUM
PCP Vulnerability Could Lead to System Misbehavior or Crash
CVE-2024-45769
Red Hat | Red Hat Enterprise Lin... | 5.5 MEDIUM
September 17
Openshift Builder Vulnerability: Command Injection via Path Traversal
CVE-2024-7387
Red Hat | Red Hat Openshift Cont... | 9.1 CRITICAL
Unrestricted Access via Crafted .gitconfig File in OpenShift Build Process
CVE-2024-45496
Red Hat | Red Hat Openshift Cont... | 9.9 CRITICAL
September 14
Ansible Vault Flaw Exposes Sensitive Information in Plaintext
CVE-2024-8775
Red Hat | Red Hat Ansible Automa... | 5.5 MEDIUM
September 10
Keycloak: amount of attributes per object is not limited and it may lead to dos
CVE-2023-6841
Red Hat | Red Hat Build Of Quarkus | 7.5 HIGH
Heap-based buffer overflow vulnerability in libopensc OpenPGP driver could lead to arbitrary code execution
CVE-2024-8443
Red Hat | Red Hat Enterprise Lin... | 2.9 LOW
September 9
Session Fixation Vulnerability in Keycloak SAML Adapters
CVE-2024-7341
Red Hat | Red Hat Build Of Keycloak | 7.1 HIGH
Vulnerability in FreeOTP Allows Attackers to Abuse System and Compromise Accounts
CVE-2024-7318
Red Hat | Red Hat Build Of Keycl... | 4.8 MEDIUM
Keycloak Open Redirect Vulnerability Could Lead to Phishing Attacks
CVE-2024-7260
Red Hat | Red Hat Build Of Keycloak | 6.1 MEDIUM
September 6
Forklift Controller Vulnerability: Missing Authorization Header Security
CVE-2024-8509
Red Hat | Migration Toolkit For ... | 7.5 HIGH
September 5
Insufficient Fix for Server Crash Vulnerability in 389-ds-base
CVE-2024-8445
Red Hat | Red Hat Enterprise Lin... | 5.7 MEDIUM
September 4
Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
CVE-2024-8418
Red Hat | Red Hat Enterprise Lin... | 7.5 HIGH
Pulpcore Authentication Bypass Vulnerability Affects Satellite Deployments
CVE-2024-7923
Red Hat | Red Hat Satellite 6.13... | 9.8 CRITICAL
Foreman Authentication Bypass Vulnerability
CVE-2024-7012
Red Hat | Red Hat Satellite 6.13... | 9.8 CRITICAL
September 3
Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init
CVE-2024-45618
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
CVE-2024-45616
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW
Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init
CVE-2024-45615
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW
Libopensc: incorrect handling of the length of buffers or files in pkcs15init
CVE-2024-45620
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW
CVE-2024-45619
Red Hat | Enterprise Linux | 4.3 MEDIUM
Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
CVE-2024-45617
Red Hat | Red Hat Enterprise Lin... | 3.9 LOW
Keycloak: potential bypass of brute force protection
CVE-2024-4629
Red Hat | Red Hat Build Of Keycloak | 6.5 MEDIUM
August 30
Kroxylicious TLS Connection Flaw: High Complexity Attack with Data Integrity and Confidentiality Impact
CVE-2024-8285
Red Hat | Streams For Apache Kafka | 5.9 MEDIUM
Crash of virtinterfaced Daemon Due to NULL Pointer Dereference
CVE-2024-8235
Red Hat | Red Hat Enterprise Lin... | 6.2 MEDIUM
August 21
Undertow ProxyProtocolReadListener Vulnerability
CVE-2024-7885
Red Hat | Red Hat Build Of Apach... | 7.5 HIGH
OpenStack Platform Vulnerability Exposes Containers to MITM Attacks
CVE-2024-8007
Red Hat | Red Hat Openstack Plat... | 8.1 HIGH
Insufficient Entropy Vulnerability in Red Hat Openshift Console Allows CSRF Attacks
CVE-2024-6508
Red Hat | Red Hat Openshift Cont... | 8 HIGH
August 12
Unauthorized Command Execution via Host Registration
CVE-2024-7700
Red Hat | Red Hat Satellite 6 | 6.5 MEDIUM
Unbound: heap-buffer-overflow in unbound
CVE-2024-43168
Red Hat | Red Hat Enterprise Lin... | 4.8 MEDIUM
Authentication Bypass and Privilege Escalation Vulnerability in OpenShift AI
CVE-2024-7557
Red Hat | Red Hat Openshift Ai (... | 8.8 HIGH
Segmentation Fault Vulnerability in Unbound's ub_ctx_set_fwd Function
CVE-2024-43167
Red Hat | Red Hat Enterprise Lin... | 2.8 LOW
Libtiff: null pointer dereference in tif_dirinfo.c
CVE-2024-7006
Red Hat | Red Hat Enterprise Lin... | 7.5 HIGH
Fence Agents Vulnerability can lead to Privilege Escalation
CVE-2024-5651
Red Hat | Fence Agents Remediati... | 8.8 HIGH
August 7
Flaw in Pulp Package Allows Oldest User with Task Permissions to Control Object Creation
CVE-2024-7143
Red Hat | Red Hat Ansible Automa... | 8.3 HIGH
August 5
QEMU NBD Server Vulnerability: DoS Attack via Socket Closure
CVE-2024-7409
Red Hat | Red Hat Enterprise Lin...
libnbd TLS Verification Vulnerability Allows Man-in-the-Middle Attack
CVE-2024-7383
Red Hat | Red Hat Enterprise Lin... | 7.4 HIGH
August 2
Podman Vulnerability Leads to Memory-Based Denial of Service
CVE-2024-3056
Red Hat | Red Hat Enterprise Lin... | 7.7 HIGH
July 26
Openshift Console Flaw Allows Data Exposure Without Proper Credential Verification
CVE-2024-7128
Red Hat | Red Hat Openshift Cont... | 5.3 MEDIUM
July 24
Unauthorized Access to /API/helm/verify Endpoint in Openshift
CVE-2024-7079
Red Hat | Red Hat Openshift Cont... | 6.5 MEDIUM
July 17
Static Cookie Secret Vulnerability in Skupper
CVE-2024-6535
Red Hat | Red Hat Service Interc... | 5.3 MEDIUM
July 16
Gtk3: gtk2: library injection from cwd
CVE-2024-6655
Red Hat | Red Hat Enterprise Lin... | 7 HIGH
July 13
Denial of Service Flaw in OpenJPEG Opj_t1_decode_cblks Function
CVE-2023-39329
Red Hat | Red Hat Enterprise Lin... | 6.5 MEDIUM
OpenJPEG Vulnerability Leads to Terminal Looping
CVE-2023-39327
Red Hat | Red Hat Enterprise Lin... | 4.3 MEDIUM
July 9
389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request
CVE-2024-6237
Red Hat | Red Hat Directory Serv... | 6.5 MEDIUM
Openjpeg: denial of service via crafted image file
CVE-2023-39328
Red Hat | Red Hat Enterprise Lin... | 5.5 MEDIUM
July 8
Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks
CVE-2024-3653
Red Hat | Red Hat Jboss Enterpri... | 5.3 MEDIUM
Undertow Vulnerability Leads to Denial of Service Attack
CVE-2024-5971
Red Hat | Red Hat Build Of Apach... | 7.5 HIGH
Signal Handler Race Condition Vulnerability in OpenSSH sshd
CVE-2024-6409
Red Hat | Red Hat Enterprise Lin... | 7 HIGH
July 5
Heap Overflow Vulnerability in QEMU's virtio-net Device
CVE-2024-6505
Red Hat | Red Hat Enterprise Lin... | 6.8 MEDIUM
July 3
Cockpit Package Vulnerability Leads to Denial of Service Attack
CVE-2024-6126
Red Hat | Red Hat Enterprise Lin... | 3.2 LOW
July 2
QEMU qemu-img Vulnerability: Memory or CPU Consumption Denial of Service
CVE-2024-4467
Red Hat | Advanced Virtualizatio... | 7.8 HIGH
July 1
Signal Handler Race Condition in OpenSSH's Server
CVE-2024-6387
Red Hat | Red Hat Enterprise Lin... | 8.1 HIGH
June 21
Pdfinfo Utility Vulnerable to Denial of Service Attack
CVE-2024-6239
Red Hat | Red Hat Enterprise Lin... | 7.5 HIGH
June 20
Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken
CVE-2024-6162
Red Hat | Eap 8.0.1 | 7.5 HIGH
June 18
LDAP Endpoint Vulnerability Allows Credentials Leakage
CVE-2024-5967
Red Hat | Red Hat Build Of Keycloak | 2.7 LOW
Denial of Service Vulnerability in 389-ds-base LDAP Server
CVE-2024-5953
Red Hat | Red Hat Directory Serv... | 5.7 MEDIUM
June 12
Quay: unauthorized user may authenticate via oauth application token
CVE-2024-5891
Red Hat | Red Hat Quay 3 | 4.2 MEDIUM