Vulnerabilities in RED HAT
1,512 results

CVE-2024-7318 | MEDIUM | Keycloak-core: one time passcode (otp) is valid longer than expiration time | EPSS 0.4%
CVE-2024-8007 | HIGH | Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors | EPSS 0.4%
CVE-2026-8830 | MEDIUM | Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation | EPSS 0.4%
CVE-2024-9675 | HIGH | Buildah: buildah allows arbitrary directory mount | EPSS 0.4%
CVE-2024-7383 | HIGH | Libnbd: nbd server improper certificate validation | EPSS 0.4%
CVE-2023-3347 | MEDIUM | Samba: smb2 packet signing is not enforced when "server signing = required" is set | EPSS 0.4%
CVE-2024-7319 | MEDIUM | Openstack-heat: incomplete fix for cve-2023-1625 | EPSS 0.4%
CVE-2025-6020 | HIGH | Linux-pam: linux-pam directory traversal | EPSS 0.4%
CVE-2023-32665 | MEDIUM | Gvariant deserialisation does not match spec for non-normal data | EPSS 0.4%
CVE-2025-14025 | HIGH | Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions | EPSS 0.4%
CVE-2023-5366 | HIGH | Openvswitch don't match packets on nd_target field | EPSS 0.4%
CVE-2024-10295 | HIGH | Gateway: apicast basic auth bypass via malformed base64 headers. Sending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request | EPSS 0.4%
CVE-2024-28835 | MEDIUM | Gnutls: potential crash during chain building/verification | EPSS 0.4%
CVE-2025-10939 | LOW | Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console | EPSS 0.4%
CVE-2023-34432 | HIGH | Heap-buffer-overflow in src/formats_i.c | EPSS 0.4%
CVE-2025-3501 | HIGH | Org.keycloak.protocol.services: keycloak hostname verification | EPSS 0.4%
CVE-2025-66287 | HIGH | Webkitgtk: processing maliciously crafted web content may lead to an unexpected process crash | EPSS 0.4%
CVE-2023-25588 | MEDIUM | Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab` | EPSS 0.4%
CVE-2019-10165 | LOW | OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenS | EPSS 0.4%
CVE-2025-12805 | HIGH | Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy | EPSS 0.4%