Red Hat Vulnerabilities

1,512 results
Vexday Analysis

With 1,477 CVEs catalogued and 232 that appeared in the last 90 days alone, the volume of vulnerabilities associated with Red Hat demands continuous monitoring. The active exploitation rate is below the overall catalogue average, with only 1 CVE confirmed in the CISA KEV: CVE-2023-4911, which has an EPSS of 0.7861, indicating a high probability of exploitation and deserving priority attention from response teams. Of the 34 critical-severity vulnerabilities, 18 have a publicly available proof of concept, which lowers the technical barrier to exploitation and increases operational risk. The most recurrent flaw type is CWE-125 (out-of-bounds read), a pattern that frequently enables data leakage or memory corruption and should guide hardening reviews and patch prioritization.

CVE-2023-25586 | MEDIUM | Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized | EPSS 0.3%
CVE-2013-0261 | HIGH | Packstack: packstack: arbitrary file overwrite via symlink attack | EPSS 0.3%
CVE-2026-11788 | MEDIUM | 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser | EPSS 0.3%
CVE-2024-5742 | MEDIUM | Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file | EPSS 0.3%
CVE-2026-4636 | HIGH | Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources. | EPSS 0.3%
CVE-2019-10194 | MEDIUM | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Password | EPSS 0.3%
CVE-2026-11790 | MEDIUM | 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service | EPSS 0.3%
CVE-2020-10684 | HIGH | A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_fa | EPSS 0.3%
CVE-2023-3812 | HIGH | Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags | EPSS 0.3%
CVE-2024-9453 | MEDIUM | Jenkins-image: sensitive data disclosure when using openshift jenkins image | EPSS 0.3%
CVE-2026-7571 | HIGH | Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data | EPSS 0.3%
CVE-2023-38560 | MEDIUM | Ghostscript: integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name | EPSS 0.3%
CVE-2023-3576 | MEDIUM | Libtiff: memory leak in tiffcrop.c | EPSS 0.3%
CVE-2025-5918 | LOW | Libarchive: reading past eof may be triggered for piped file streams | EPSS 0.3%
CVE-2024-0232 | MEDIUM | Sqlite: use-after-free bug in jsonparseaddnodearray | EPSS 0.3%
CVE-2023-33951 | MEDIUM | Kernel: vmwgfx: race condition leading to information disclosure vulnerability | EPSS 0.3%
CVE-2025-7425 | HIGH | Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | EPSS 0.3%
CVE-2024-3625 | HIGH | Mirror-registry: redis password stored in plain-text | EPSS 0.3%
CVE-2024-3624 | HIGH | Mirror-registry: database user and password stored in plain-text | EPSS 0.3%
CVE-2024-31082 | HIGH | Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap | EPSS 0.3%