Vulnerabilities in Red Hat

1512 results
Vexday Analysis

With 1,477 CVEs catalogued and 232 appearing in the last 90 days alone, the volume of vulnerabilities associated with Red Hat requires continuous monitoring. The active exploitation rate is below the catalogue's overall average, with only 1 CVE confirmed in CISA KEV: CVE-2023-4911, which has an EPSS of 0.7861, indicating a high probability of exploitation and warranting priority attention from response teams. Of the 34 critical-severity vulnerabilities, 18 have a publicly available proof of concept, which lowers the technical barrier to exploitation and increases operational risk. The most recurrent flaw type is CWE-125 (out-of-bounds read), a pattern that frequently enables data leakage or memory corruption and should guide hardening reviews and patch prioritization.

CVE-2023-6176 | MEDIUM | Kernel: local dos vulnerability in scatterwalk_copychunks | EPSS 0.3%
CVE-2026-3429 | MEDIUM | Org.keycloak.services.resources.account: improper access control leading to mfa deletion and account takeover in keycloak account rest api | EPSS 0.3%
CVE-2025-0684 | MEDIUM | Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data | EPSS 0.3%
CVE-2025-46397 | HIGH | Xfig: xfig: stack-overflow allows possible code execution via local input manipulation | EPSS 0.3%
CVE-2023-3301 | MEDIUM | Triggerable assertion due to race condition in hot-unplug | EPSS 0.3%
CVE-2026-12969 | MEDIUM | Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation | EPSS 0.3%
CVE-2024-2496 | MEDIUM | Libvirt: null pointer dereference in udevconnectlistallinterfaces() | EPSS 0.3%
CVE-2024-6519 | HIGH | Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability | EPSS 0.3%
CVE-2026-34003 | HIGH | Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access | EPSS 0.3%
CVE-2026-4325 | MEDIUM | Keycloak: keycloak: replay of action tokens via improper handling of single-use entries | EPSS 0.3%
CVE-2023-4459 | MEDIUM | Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup() | EPSS 0.2%
CVE-2026-12993 | MEDIUM | Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset | EPSS 0.2%
CVE-2024-9902 | MEDIUM | Ansible-core: ansible-core user may read/write unauthorized content | EPSS 0.2%
CVE-2024-0443 | MEDIUM | Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline. | EPSS 0.2%
CVE-2026-1767 | MEDIUM | Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags | EPSS 0.2%
CVE-2026-12388 | MEDIUM | Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper | EPSS 0.2%
CVE-2020-1706 | HIGH | It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers | EPSS 0.2%
CVE-2026-56210 | HIGH | Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id | EPSS 0.2%
CVE-2023-4387 | HIGH | Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf() | EPSS 0.2%
CVE-2026-4629 | MEDIUM | Keycloak: keycloak: privilege escalation through hardcoded role mapper injection | EPSS 0.2%