Vulnerabilities in Red Hat

1,513 results
Vexday analysis

Com 1.477 CVEs catalogadas e 232 surgidas apenas nos últimos 90 dias, o volume de vulnerabilidades associadas ao Red Hat exige monitoramento contínuo. A taxa de exploração ativa está abaixo da média geral do catálogo, com apenas 1 CVE confirmada no CISA KEV — a CVE-2023-4911, que apresenta EPSS de 0,7861, indicando probabilidade elevada de exploração e merecendo atenção prioritária de equipes de resposta. Das 34 vulnerabilidades de severidade crítica, 18 contam com prova de conceito pública disponível, o que reduz a barreira técnica para exploração e aumenta o risco operacional. O tipo de falha mais recorrente é CWE-125 (leitura fora dos limites), padrão que frequentemente viabiliza vazamento de dados ou corrupção de memória e deve orientar revisões de hardening e priorização de patches.

CVE-2026-37979MEDIUMKeycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypassEPSS 0.4%CVE-2017-2663HIGHIt was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and cEPSS 0.4%CVE-2025-1057MEDIUMKeylime: keylime registrar dos due to incompatible database entry handlingEPSS 0.4%CVE-2023-43788MEDIUMLibxpm: out of bounds read in xpmcreatexpmimagefrombuffer()EPSS 0.4%CVE-2024-2494MEDIUMLibvirt: negative g_new0 length can lead to unbounded memory allocationEPSS 0.4%CVE-2025-13881LOWOrg.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin apiEPSS 0.4%CVE-2024-43167LOWUnbound: null pointer dereference in unboundEPSS 0.4%CVE-2026-1180MEDIUMOrg.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uriEPSS 0.4%CVE-2020-1737HIGHA flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip moEPSS 0.4%CVE-2024-7079MEDIUMOpenshift-console: unauthenticated installation of helm chartsEPSS 0.4%CVE-2026-0707MEDIUMKeycloak: keycloak authorization header parsing leading to potential security control bypassEPSS 0.4%CVE-2025-49177MEDIUMXorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmodeEPSS 0.4%CVE-2025-47711MEDIUMNbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of serviceEPSS 0.4%CVE-2024-11217MEDIUMOauth-server-container: oauth-server-container logs client secret in debug levelEPSS 0.4%CVE-2026-28296MEDIUMGvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file pathsEPSS 0.4%CVE-2025-26600HIGHXorg: xwayland: use-after-free in playreleasedevents()EPSS 0.4%CVE-2020-10690MEDIUMThere is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deaEPSS 0.4%CVE-2025-26594HIGHX.org: xwayland: use-after-free of the root cursorEPSS 0.4%CVE-2025-26601HIGHXorg: xwayland: use-after-free in syncinittrigger()EPSS 0.4%CVE-2014-8181The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to EPSS 0.4%