Vulnerabilities in Red Hat

1,512 results
Vexday analysis

With 1,477 CVEs catalogued and 232 of them appearing in the last 90 days alone, the volume of vulnerabilities associated with Red Hat calls for continuous monitoring. The rate of active exploitation is below the catalogue-wide average: only 1 CVE is confirmed in the CISA KEV catalogue, CVE-2023-4911, which carries an EPSS score of 0.7861, indicating a high probability of exploitation and warranting priority attention from response teams. Of the 34 critical-severity vulnerabilities, 18 have a public proof of concept available, which lowers the technical barrier to exploitation and raises operational risk. The most frequent flaw type is CWE-125 (out-of-bounds read). On its own an out-of-bounds read is a disclosure primitive (leaking adjacent memory such as keys or pointers) rather than a corruption primitive, but it is frequently paired with an out-of-bounds write in a full exploit chain, so it should guide hardening reviews (bounds checking, sanitizers, fuzzing of parsers) and patch prioritisation.
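The ordering the analysis above implies (KEV first, then high EPSS or critical with a public PoC, then the remaining high/critical findings, then the backlog) is easy to encode so it can be applied to the whole feed rather than eyeballed. The following is an added example, not Vexday code: it takes a handful of the CVEs listed on this page as constructed sample input. The severity/EPSS values for the listed CVEs are copied from the page; the severity assigned to CVE-2023-4911, the `has_poc` flags and the `EPSS_URGENT` threshold are assumptions for the example, not page data.

```python
"""Triage ranking for a CVE feed.

Tiers, highest priority first:
  immediate  - listed in CISA KEV (confirmed exploitation in the wild)
  urgent     - EPSS at or above EPSS_URGENT, or CRITICAL with a public PoC
  scheduled  - remaining HIGH / CRITICAL findings
  backlog    - everything else
Within a tier, higher EPSS wins, then higher severity, then CVE id for a
stable, reproducible order.
"""
from dataclasses import dataclass
from typing import Iterable, List

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}
EPSS_URGENT = 0.5  # assumed threshold; tune to your own risk appetite
TIER_ORDER = {"immediate": 0, "urgent": 1, "scheduled": 2, "backlog": 3}


@dataclass(frozen=True)
class Finding:
    cve: str
    severity: str          # CRITICAL / HIGH / MEDIUM / LOW
    epss: float            # probability in 0..1 (0.7% on the page == 0.007)
    in_kev: bool = False   # present in the CISA KEV catalogue
    has_poc: bool = False  # placeholder flag in this example, not page data


def tier(f: Finding) -> str:
    """Assign the priority tier described in the module docstring."""
    if f.in_kev:
        return "immediate"
    if f.epss >= EPSS_URGENT or (f.severity == "CRITICAL" and f.has_poc):
        return "urgent"
    if SEVERITY_RANK.get(f.severity, 0) >= SEVERITY_RANK["HIGH"]:
        return "scheduled"
    return "backlog"


def triage(findings: Iterable[Finding]) -> List[Finding]:
    """Return findings sorted most-urgent first."""
    return sorted(
        findings,
        key=lambda f: (
            TIER_ORDER[tier(f)],
            -f.epss,
            -SEVERITY_RANK.get(f.severity, 0),
            f.cve,
        ),
    )


# Constructed sample: a subset of the CVEs listed on this page. Severity and
# EPSS for the listed entries come from the page; everything else is assumed.
SAMPLE = [
    Finding("CVE-2024-1726", "MEDIUM", 0.007),
    Finding("CVE-2026-3832", "LOW", 0.007),
    Finding("CVE-2023-3640", "HIGH", 0.007),
    Finding("CVE-2025-10725", "CRITICAL", 0.007, has_poc=True),  # PoC flag assumed
    Finding("CVE-2024-0822", "HIGH", 0.007),
    # Severity assumed for the example; EPSS and KEV status as stated above.
    Finding("CVE-2023-4911", "HIGH", 0.7861, in_kev=True),
]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{tier(f):10} {f.cve:16} {f.severity:9} EPSS={f.epss:.4f}")
```

Note that a KEV entry outranks everything regardless of EPSS, since KEV is observed exploitation rather than a prediction; the `has_poc` input should come from your own intelligence source, and `EPSS_URGENT` is deliberately a single constant so it can be argued about in one place.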

CVE-2024-1726 (MEDIUM, EPSS 0.7%): Quarkus: security checks for some inherited endpoints performed after serialization in RESTEasy Reactive may trigger a denial of service
CVE-2026-3832 (LOW, EPSS 0.7%): GnuTLS: security bypass allows acceptance of revoked server certificates via crafted OCSP response
CVE-2025-32990 (MEDIUM, EPSS 0.7%): GnuTLS: vulnerability in GnuTLS certtool template parsing
CVE-2023-4503 (MEDIUM, EPSS 0.7%): EAP Galleon: custom provisioning creates unsecured http-invoker
CVE-2023-3640 (HIGH, EPSS 0.7%): Kernel: x86/mm: a per-CPU entry area leak was identified through the init_cea_offsets function when PREFETCHNTA and PREFETCHT2 instructions are used for the per-CPU entry area mapping to user space
CVE-2023-6267 (HIGH, EPSS 0.7%): Quarkus: JSON payload processed prior to security checks when REST resources are used with annotations
CVE-2024-28834 (MEDIUM, EPSS 0.7%): GnuTLS: vulnerable to Minerva side-channel information leak
CVE-2019-10159 (MEDIUM, EPSS 0.7%): cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration
CVE-2023-5380 (MEDIUM, EPSS 0.7%): xorg-x11-server: use-after-free bug in DestroyWindow
CVE-2019-10201 (HIGH, EPSS 0.7%): It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML
CVE-2022-3962 (MEDIUM, EPSS 0.7%): Kiali: error message spoofing in Kiali UI
CVE-2023-6717 (MEDIUM, EPSS 0.7%): Keycloak: XSS via Assertion Consumer Service URL in SAML POST-binding flow
CVE-2023-1625 (HIGH, EPSS 0.7%): Information leak in API
CVE-2024-0822 (HIGH, EPSS 0.7%): oVirt: authentication bypass
CVE-2024-11738 (MEDIUM, EPSS 0.7%): Rustls: network-reachable panic in `Acceptor::accept`
CVE-2026-28367 (HIGH, EPSS 0.7%): Undertow: request smuggling via `\r\r\r` as a header block terminator
CVE-2026-28368 (HIGH, EPSS 0.7%): Undertow: request smuggling via inconsistent header parsing
CVE-2019-3872 (MEDIUM, EPSS 0.7%): It was found that a SAMLRequest containing a script could be processed by PicketLink versions shipped in JBoss Enterprise Application Platform 7.2.x an
CVE-2025-10725 (CRITICAL, EPSS 0.7%): OpenShift AI: overly permissive ClusterRole allows authenticated users to escalate privileges to cluster admin
CVE-2022-4132 (MEDIUM, EPSS 0.7%): Memory leak on TLS connections