Vulnerabilities in RED HAT
1,504 results

CVE-2026-3832 | LOW | Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response | EPSS 0.7%
CVE-2025-32990 | MEDIUM | Gnutls: vulnerability in gnutls certtool template parsing | EPSS 0.7%
CVE-2023-4503 | MEDIUM | Eap-galleon: custom provisioning creates unsecured http-invoker | EPSS 0.7%
CVE-2023-3640 | HIGH | Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space | EPSS 0.7%
CVE-2023-6267 | HIGH | Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations. | EPSS 0.7%
CVE-2024-28834 | MEDIUM | Gnutls: vulnerable to minerva side-channel information leak | EPSS 0.7%
CVE-2019-10159 | MEDIUM | cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration | EPSS 0.7%
CVE-2023-5380 | MEDIUM | Xorg-x11-server: use-after-free bug in destroywindow | EPSS 0.7%
CVE-2019-10201 | HIGH | It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML | EPSS 0.7%
CVE-2023-6717 | MEDIUM | Keycloak: xss via assertion consumer service url in saml post-binding flow | EPSS 0.7%
CVE-2022-3962 | MEDIUM | Kiali: error message spoofing in kiali ui | EPSS 0.7%
CVE-2023-1625 | HIGH | Information leak in api | EPSS 0.7%
CVE-2024-0822 | HIGH | Ovirt: authentication bypass | EPSS 0.7%
CVE-2023-2974 | MEDIUM | Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol | EPSS 0.7%
CVE-2026-28367 | HIGH | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | EPSS 0.7%
CVE-2026-28368 | HIGH | Undertow: undertow: request smuggling via inconsistent header parsing | EPSS 0.7%
CVE-2019-3872 | MEDIUM | It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x an | EPSS 0.7%
CVE-2025-10725 | CRITICAL | Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin | EPSS 0.7%
CVE-2022-4132 | MEDIUM | Memory leak on tls connections | EPSS 0.7%
CVE-2023-2585 | LOW | Keycloak: client access via device auth request spoof | EPSS 0.7%