Vulnerabilities in RED HAT
1,512 results

CVE-2017-2663 | HIGH | It was found that subscription-manager's DBus interface before 1.19.4 let an unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and c | EPSS 0.4%
CVE-2024-2494 | MEDIUM | Libvirt: negative g_new0 length can lead to unbounded memory allocation | EPSS 0.4%
CVE-2025-13881 | LOW | Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api | EPSS 0.4%
CVE-2026-1180 | MEDIUM | Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri | EPSS 0.4%
CVE-2024-43167 | LOW | Unbound: null pointer dereference in unbound | EPSS 0.4%
CVE-2020-1737 | HIGH | A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip mo | EPSS 0.4%
CVE-2026-0707 | MEDIUM | Keycloak: keycloak authorization header parsing leading to potential security control bypass | EPSS 0.4%
CVE-2024-11217 | MEDIUM | Oauth-server-container: oauth-server-container logs client secret in debug level | EPSS 0.4%
CVE-2025-49177 | MEDIUM | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode | EPSS 0.4%
CVE-2024-7079 | MEDIUM | Openshift-console: unauthenticated installation of helm charts | EPSS 0.4%
CVE-2025-47711 | MEDIUM | Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service | EPSS 0.4%
CVE-2026-28296 | MEDIUM | Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths | EPSS 0.4%
CVE-2020-10690 | MEDIUM | There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource dea | EPSS 0.4%
CVE-2025-26594 | HIGH | X.org: xwayland: use-after-free of the root cursor | EPSS 0.4%
CVE-2025-26600 | HIGH | Xorg: xwayland: use-after-free in playreleasedevents() | EPSS 0.4%
CVE-2014-8181 | — | The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leak sensitive information to | EPSS 0.4%
CVE-2025-26601 | HIGH | Xorg: xwayland: use-after-free in syncinittrigger() | EPSS 0.4%
CVE-2024-11218 | HIGH | Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile | EPSS 0.4%
CVE-2020-10691 | MEDIUM | An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. Whe | EPSS 0.4%
CVE-2020-1739 | LOW | A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of sv | EPSS 0.4%