Vulnerabilities in Red Hat

1,518 results
Vexday analysis

With 1,477 CVEs catalogued and 232 that appeared in the last 90 days alone, the volume of vulnerabilities associated with Red Hat demands continuous monitoring. The active exploitation rate is below the overall catalogue average, with only 1 CVE confirmed in CISA KEV: CVE-2023-4911, which has an EPSS of 0.7861, indicating a high probability of exploitation and deserving priority attention from response teams. Of the 34 critical-severity vulnerabilities, 18 have a publicly available proof of concept, which lowers the technical barrier to exploitation and increases operational risk. The most recurrent flaw type is CWE-125 (out-of-bounds read), a pattern that frequently enables data leakage or memory corruption and should guide hardening reviews and patch prioritization.

CVE-2025-14243 | MEDIUM | Mirror-registry: openshift mirror registry: user enumeration via authentication error messages | EPSS 0.3%
CVE-2024-9407 | MEDIUM | Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction | EPSS 0.3%
CVE-2024-52336 | HIGH | Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root | EPSS 0.3%
CVE-2024-45618 | LOW | Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init | EPSS 0.3%
CVE-2026-11820 | MEDIUM | Community.general: community.general nexmo — api credentials exposed in get url query string | EPSS 0.3%
CVE-2025-1118 | MEDIUM | Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled | EPSS 0.3%
CVE-2024-8354 | MEDIUM | Qemu-kvm: usb: assertion failure in usb_ep_get() | EPSS 0.3%
CVE-2024-2700 | HIGH | Quarkus-core: leak of local configuration properties into quarkus applications | EPSS 0.3%
CVE-2026-44188 | MEDIUM | Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration | EPSS 0.3%
CVE-2024-1013 | HIGH | Unixodbc: out of bounds stack write due to pointer-to-integer types conversion | EPSS 0.3%
CVE-2026-11789 | MEDIUM | 389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash | EPSS 0.3%
CVE-2023-4569 | MEDIUM | Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c | EPSS 0.3%
CVE-2026-1035 | LOW | Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition | EPSS 0.3%
CVE-2023-5633 | HIGH | Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling | EPSS 0.3%
CVE-2023-6560 | MEDIUM | Kernel: io_uring out of boundary memory access in __io_uaddr_map() | EPSS 0.3%
CVE-2025-13947 | HIGH | Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop | EPSS 0.3%
CVE-2026-11793 | MEDIUM | 389-ds-base: 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing | EPSS 0.3%
CVE-2025-62231 | HIGH | Xorg: xwayland: value overflow in xkbsetcompatmap() | EPSS 0.3%
CVE-2023-7042 | MEDIUM | Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() | EPSS 0.3%
CVE-2026-8922 | MEDIUM | Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services | EPSS 0.3%