Vulnerabilities in RED HAT
1,518 resultsCVE-2025-8766MEDIUMNoobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core containerEPSS 0.2%CVE-2025-5915MEDIUMLibarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.cEPSS 0.2%CVE-2026-5745MEDIUMLibarchive: a null pointer dereference vulnerability exists in the acl parser of libarchiveEPSS 0.2%CVE-2025-9615LOWNetworkmanager: networkmanager file accessEPSS 0.2%CVE-2026-50258HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levelsEPSS 0.2%CVE-2025-10911MEDIUMLibxslt: use-after-free with key data stored cross-rvtEPSS 0.2%CVE-2025-48796HIGHGimp: stack-based buffer overflows in file-icoEPSS 0.2%CVE-2024-0641MEDIUMKernel: deadlock leading to denial of service in tipc_crypto_key_revokeEPSS 0.2%CVE-2025-31177MEDIUMGnuplot: gnuplot heap-buffer overflow on utf8_copy_oneEPSS 0.2%CVE-2024-0639MEDIUMKernel: potential deadlock on &net->sctp.addr_wq_lock leading to dosEPSS 0.2%CVE-2026-26158HIGHBusybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entriesEPSS 0.2%CVE-2026-11786LOW389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()EPSS 0.2%CVE-2026-14614MEDIUMKeycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresourceEPSS 0.2%CVE-2026-0965LOWLibssh: libssh: denial of service via improper configuration file handlingEPSS 0.2%CVE-2023-4155MEDIUMSev-es / sev-snp vmgexit double fetch vulnerabilityEPSS 0.2%CVE-2025-57853MEDIUMWeb-terminal: privilege escalation via excessive /etc/passwd permissionsEPSS 0.2%CVE-2026-1766MEDIUMLocalsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.EPSS 0.2%CVE-2026-50256HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatchEPSS 0.2%CVE-2026-2376MEDIUMMirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interfaceEPSS 0.2%CVE-2026-11332HIGHAnsible-core: argument injection in ansible-galaxy role install leads to arbitrary code executionEPSS 0.2%