Filtered by vendor Redhat
Subscriptions
Total
23134 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62230 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-02-26 | 7.3 High |
| A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect. | ||||
| CVE-2025-62229 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-02-26 | 7.3 High |
| A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service. | ||||
| CVE-2025-13601 | 2 Gnome, Redhat | 40 Glib, Ceph Storage, Codeready Linux Builder and 37 more | 2026-02-26 | 7.7 High |
| A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string. | ||||
| CVE-2026-1190 | 1 Redhat | 4 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp and 1 more | 2026-02-26 | 3.1 Low |
| A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption. | ||||
| CVE-2025-12543 | 1 Redhat | 9 Apache Camel Hawtio, Camel Spring Boot, Enterprise Linux and 6 more | 2026-02-26 | 9.6 Critical |
| A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions. | ||||
| CVE-2026-0719 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Eus, Openshift Devspaces and 6 more | 2026-02-26 | 8.6 High |
| A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. | ||||
| CVE-2025-14025 | 1 Redhat | 1 Ansible Automation Platform | 2026-02-26 | 8.5 High |
| A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC). | ||||
| CVE-2026-0603 | 1 Redhat | 11 Amq Broker, Jboss Data Grid, Jboss Enterprise Application Platform and 8 more | 2026-02-26 | 8.3 High |
| A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service. | ||||
| CVE-2026-26157 | 2 Red Hat, Redhat | 2 Enterprise Linux, Enterprise Linux | 2026-02-26 | 7 High |
| A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files. | ||||
| CVE-2026-26158 | 2 Red Hat, Redhat | 2 Enterprise Linux, Enterprise Linux | 2026-02-26 | 7 High |
| A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files. | ||||
| CVE-2025-14104 | 1 Redhat | 5 Ceph Storage, Enterprise Linux, Insights Proxy and 2 more | 2026-02-26 | 6.1 Medium |
| A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. | ||||
| CVE-2025-8556 | 1 Redhat | 23 Acm, Advanced Cluster Security, Ceph Storage and 20 more | 2026-02-25 | 3.7 Low |
| A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. | ||||
| CVE-2024-5154 | 2 Kubernetes, Redhat | 4 Cri-o, Enterprise Linux, Openshift and 1 more | 2026-02-25 | 8.1 High |
| A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. | ||||
| CVE-2024-9779 | 1 Redhat | 1 Acm | 2026-02-25 | 7.5 High |
| A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster. | ||||
| CVE-2024-7557 | 1 Redhat | 2 Openshift Ai, Openshift Data Science | 2026-02-25 | 8.8 High |
| A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | ||||
| CVE-2024-6162 | 1 Redhat | 11 Apache Camel Hawtio, Apache Camel Spring Boot, Build Keycloak and 8 more | 2026-02-25 | 7.5 High |
| A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up. | ||||
| CVE-2024-4540 | 1 Redhat | 3 Build Keycloak, Red Hat Single Sign On, Rhosemc | 2026-02-25 | 7.5 High |
| A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. | ||||
| CVE-2024-4467 | 1 Redhat | 7 Advanced Virtualization, Container Native Virtualization, Enterprise Linux and 4 more | 2026-02-25 | 7.8 High |
| A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. | ||||
| CVE-2024-4418 | 1 Redhat | 3 Advanced Virtualization, Enterprise Linux, Rhel Eus | 2026-02-25 | 6.2 Medium |
| A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. | ||||
| CVE-2025-0690 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-02-25 | 6.1 Medium |
| The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. | ||||