Vulnerabilities in RED HAT

1,504 results
CVE-2022-4245 | MEDIUM | Codehaus-plexus: xml external entity (xxe) injection | EPSS 0.7%
CVE-2025-32913 | HIGH | Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header | EPSS 0.7%
CVE-2024-11738 | MEDIUM | Rustls: rustls network-reachable panic in `acceptor::accept` | EPSS 0.7%
CVE-2026-4111 | HIGH | Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive | EPSS 0.7%
CVE-2019-3845 | HIGH | A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before | EPSS 0.7%
CVE-2020-10727 | | A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plain | EPSS 0.7%
CVE-2024-4369 | MEDIUM | Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure | EPSS 0.7%
CVE-2023-7090 | MEDIUM | Sudo: improper handling of ipa_hostname leads to privilege mismanagement | EPSS 0.7%
CVE-2019-14866 | MEDIUM | In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR arc | EPSS 0.7%
CVE-2026-26157 | HIGH | Busybox: busybox: arbitrary file overwrite and potential code execution via incomplete path sanitization | EPSS 0.7%
CVE-2024-52616 | MEDIUM | Avahi: avahi wide-area dns predictable transaction ids | EPSS 0.7%
CVE-2019-3891 | MEDIUM | It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Can | EPSS 0.7%
CVE-2026-28369 | HIGH | Undertow: undertow: request smuggling via malformed http request headers | EPSS 0.7%
CVE-2024-8768 | HIGH | Vllm: a completions api request with an empty prompt will crash the vllm api server. | EPSS 0.7%
CVE-2023-5349 | MEDIUM | Draw while calling getdrawinfo() | EPSS 0.7%
CVE-2019-3876 | MEDIUM | A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to | EPSS 0.7%
CVE-2025-0690 | MEDIUM | Grub2: read: integer overflow may lead to out-of-bounds write | EPSS 0.7%
CVE-2023-3971 | HIGH | Controller: html injection in custom login info | EPSS 0.7%
CVE-2025-2784 | HIGH | Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content | EPSS 0.7%
CVE-2025-49794 | CRITICAL | Libxml: heap use after free (uaf) leads to denial of service (dos) | EPSS 0.7%