Vulnerabilities in Red Hat

1,512 results
Vexday analysis

With 1,477 catalogued CVEs and 232 that appeared in the last 90 days alone, the volume of vulnerabilities associated with Red Hat demands continuous monitoring. The rate of active exploitation is below the catalogue-wide average, with only 1 CVE confirmed in the CISA KEV: CVE-2023-4911, which has an EPSS score of 0.7861, indicating a high probability of exploitation and warranting priority attention from response teams. Of the 34 critical-severity vulnerabilities, 18 have a public proof of concept available, which lowers the technical barrier to exploitation and increases operational risk. The most frequent flaw type is CWE-125 (out-of-bounds read), a pattern that often enables data leakage or memory corruption and should guide hardening reviews and patch prioritization.

CVE ID | Severity | Summary | EPSS
CVE-2024-12397 | HIGH | Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling | 0.8%
CVE-2020-10689 | MEDIUM | A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user… | 0.8%
CVE-2024-11736 | MEDIUM | Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables | 0.8%
CVE-2023-5215 | MEDIUM | Libnbd: crash or misbehaviour when nbd server returns an unexpected block size | 0.7%
CVE-2017-7538 | LOW | A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an or… | 0.7%
CVE-2023-6787 | MEDIUM | Keycloak: session hijacking via re-authentication | 0.7%
CVE-2026-7307 | HIGH | Keycloak: keycloak: denial of service via specially crafted saml input | 0.7%
CVE-2019-14885 | MEDIUM | A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security a… | 0.7%
CVE-2025-9900 | HIGH | Libtiff: libtiff write-what-where | 0.7%
CVE-2025-14242 | MEDIUM | Vsftpd: vsftpd: denial of service via integer overflow in ls command parameter parsing | 0.7%
CVE-2023-6841 | HIGH | Keycloak: amount of attributes per object is not limited and it may lead to dos | 0.7%
CVE-2019-14905 | HIGH | A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansib… | 0.7%
CVE-2017-7509 | LOW | An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq… | 0.7%
CVE-2025-4969 | MEDIUM | Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c | 0.7%
CVE-2025-32049 | HIGH | Libsoup: denial of service attack to websocket server | 0.7%
CVE-2026-5260 | HIGH | Gnutls: gnutls: information disclosure via heap overread in rsa key exchange | 0.7%
CVE-2026-42015 | MEDIUM | Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling | 0.7%
CVE-2024-10492 | LOW | Keycloak-quarkus-server: keycloak path traversal | 0.7%
CVE-2023-2593 | MEDIUM | Kernel: ksmbd memory exhaustion denial-of-service vulnerability | 0.7%
CVE-2025-1247 | HIGH | Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance | 0.7%