Vulnerabilities in RED HAT

1,513 results
CVE-2025-10044 | MEDIUM | Keycloak: keycloak error_description injection on error pages | EPSS 0.3%
CVE-2025-2843 | HIGH | Observability-operator: observability operator privilege escalation | EPSS 0.3%
CVE-2026-9149 | MEDIUM | Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file | EPSS 0.3%
CVE-2019-3875 | MEDIUM | A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL | EPSS 0.3%
CVE-2023-6238 | MEDIUM | Kernel: nvme: memory corruption via unprivileged user passthrough | EPSS 0.3%
CVE-2025-8283 | LOW | Netavark: podman: netavark may resolve hostnames to unexpected hosts | EPSS 0.3%
CVE-2025-25208 | MEDIUM | Rhcl: authorino denial of service through authpolicy with sharedsecretref severity | EPSS 0.3%
CVE-2024-45770 | MEDIUM | Pcp: pmpost symlink attack allows escalating pcp to root user | EPSS 0.3%
CVE-2025-60018 | MEDIUM | Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()" | EPSS 0.3%
CVE-2023-3355 | MEDIUM | Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c | EPSS 0.3%
CVE-2024-9683 | MEDIUM | Quay: quay allows successful authentication with truncated version of the password | EPSS 0.3%
CVE-2026-9099 | HIGH | Keycloak: group-admin escalation to realm-admin | EPSS 0.3%
CVE-2023-0160 | MEDIUM | Possibility of deadlock in libbpf function sock_hash_delete_elem | EPSS 0.3%
CVE-2026-52722 | HIGH | Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling | EPSS 0.3%
CVE-2025-14243 | MEDIUM | Mirror-registry: openshift mirror registry: user enumeration via authentication error messages | EPSS 0.3%
CVE-2026-11820 | MEDIUM | Community.general: community.general nexmo — api credentials exposed in get url query string | EPSS 0.3%
CVE-2024-9407 | MEDIUM | Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction | EPSS 0.3%
CVE-2025-14778 | MEDIUM | Keycloak: incorrect ownership checks in /uma-policy/ | EPSS 0.3%
CVE-2024-45618 | LOW | Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init | EPSS 0.3%
CVE-2024-52336 | HIGH | Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root | EPSS 0.3%