← Back

Redhat

redhat

5,674 CVEs • 537 products

Products (537)

Click to collapse
Toggle
Enterprise Linux Desktop
enterprise_linux_desktop
1,928 CVEs
Enterprise Linux Server
enterprise_linux_server
1,891 CVEs
Enterprise Linux Workstation
enterprise_linux_workstation
1,845 CVEs
Enterprise Linux
enterprise_linux
1,803 CVEs
Enterprise Linux Server Aus
enterprise_linux_server_aus
1,058 CVEs
Enterprise Linux Eus
enterprise_linux_eus
779 CVEs
Enterprise Linux Server Tus
enterprise_linux_server_tus
767 CVEs
Enterprise Linux Server Eus
enterprise_linux_server_eus
622 CVEs
Openshift Container Platform
openshift_container_platform
304 CVEs
Jboss Enterprise Application Platform
jboss_enterprise_application_platform
243 CVEs
Linux
linux
229 CVEs
Satellite
satellite
225 CVEs
Openstack
openstack
210 CVEs
Enterprise Linux Hpc Node
enterprise_linux_hpc_node
146 CVEs
Openshift
openshift
146 CVEs
Software Collections
software_collections
136 CVEs
Virtualization
virtualization
128 CVEs
Enterprise Linux For Ibm Z Systems
enterprise_linux_for_ibm_z_systems
113 CVEs
Single Sign On
single_sign_on
112 CVEs
Enterprise Linux For Power Little Endian
enterprise_linux_for_power_little_endian
107 CVEs
Keycloak
keycloak
98 CVEs
Enterprise Linux For Power Little Endian Eus
enterprise_linux_for_power_little_endian_eus
94 CVEs
Enterprise Linux For Ibm Z Systems Eus
enterprise_linux_for_ibm_z_systems_eus
88 CVEs
Enterprise Linux Workstation Supplementary
enterprise_linux_workstation_supplementary
86 CVEs
Enterprise Linux Desktop Supplementary
enterprise_linux_desktop_supplementary
84 CVEs
Enterprise Linux Server Supplementary
enterprise_linux_server_supplementary
84 CVEs
Virtualization Host
virtualization_host
84 CVEs
Enterprise Linux Server Supplementary Eus
enterprise_linux_server_supplementary_eus
83 CVEs
Enterprise Linux Hpc Node Eus
enterprise_linux_hpc_node_eus
81 CVEs
Fedora Core
fedora_core
77 CVEs
Enterprise Mrg
enterprise_mrg
73 CVEs
Libvirt
libvirt
73 CVEs
Enterprise Linux For Scientific Computing
enterprise_linux_for_scientific_computing
71 CVEs
Linux Advanced Workstation
linux_advanced_workstation
65 CVEs
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
64 CVEs
Ansible Tower
ansible_tower
64 CVEs
Build Of Keycloak
build_of_keycloak
55 CVEs
Cloudforms
cloudforms
48 CVEs
Enterprise Linux For Arm 64
enterprise_linux_for_arm_64
46 CVEs
Enterprise Linux For Power Big Endian
enterprise_linux_for_power_big_endian
45 CVEs
Ansible
ansible
45 CVEs
Ceph Storage
ceph_storage
45 CVEs
Enterprise Linux Aus
enterprise_linux_aus
44 CVEs
Linux Desktop
linux_desktop
44 CVEs
Linux Server
linux_server
44 CVEs
Linux Workstation
linux_workstation
44 CVEs
Enterprise Linux Server Update Services For Sap Solutions
enterprise_linux_server_update_services_for_sap_solutions
43 CVEs
Enterprise Linux For Real Time
enterprise_linux_for_real_time
43 CVEs
Cloudforms Management Engine
cloudforms_management_engine
42 CVEs
Jboss Fuse
jboss_fuse
42 CVEs
Codeready Linux Builder
codeready_linux_builder
42 CVEs
Undertow
undertow
40 CVEs
Openstack Platform
openstack_platform
39 CVEs
Enterprise Linux For Real Time For Nfv
enterprise_linux_for_real_time_for_nfv
37 CVEs
Enterprise Linux For Arm 64 Eus
enterprise_linux_for_arm_64_eus
37 CVEs
Enterprise Virtualization
enterprise_virtualization
36 CVEs
Jboss Enterprise Web Server
jboss_enterprise_web_server
35 CVEs
Directory Server
directory_server
33 CVEs
Jboss Core Services
jboss_core_services
33 CVEs
Openshift Application Runtimes
openshift_application_runtimes
33 CVEs
Storage
storage
31 CVEs
Quay
quay
31 CVEs
Fuse
fuse
29 CVEs
Gluster Storage
gluster_storage
25 CVEs
Jboss Data Grid
jboss_data_grid
25 CVEs
Ansible Engine
ansible_engine
25 CVEs
Enterprise Linux Update Services For Sap Solutions
enterprise_linux_update_services_for_sap_solutions
25 CVEs
Jboss Operations Network
jboss_operations_network
24 CVEs
Process Automation
process_automation
24 CVEs
Ansible Automation Platform
ansible_automation_platform
24 CVEs
Hardened Images
hardened_images
24 CVEs
Jboss Enterprise Brms Platform
jboss_enterprise_brms_platform
23 CVEs
Openshift Container Platform For Power
openshift_container_platform_for_power
23 CVEs
Jboss Enterprise Portal Platform
jboss_enterprise_portal_platform
22 CVEs
Enterprise Linux For Real Time For Nfv Tus
enterprise_linux_for_real_time_for_nfv_tus
22 CVEs
Jboss Enterprise Web Platform
jboss_enterprise_web_platform
21 CVEs
Data Grid
data_grid
21 CVEs
Enterprise Linux For Real Time Tus
enterprise_linux_for_real_time_tus
21 CVEs
Openshift Service Mesh
openshift_service_mesh
21 CVEs
Build Of Quarkus
build_of_quarkus
21 CVEs
Enterprise Linux For Power Big Endian Eus
enterprise_linux_for_power_big_endian_eus
20 CVEs
Enterprise Linux Tus
enterprise_linux_tus
20 CVEs
Decision Manager
decision_manager
20 CVEs
Codeready Linux Builder Eus
codeready_linux_builder_eus
20 CVEs
Integration Camel K
integration_camel_k
20 CVEs
Enterprise Virtualization Manager
enterprise_virtualization_manager
19 CVEs
Certificate System
certificate_system
18 CVEs
Resteasy
resteasy
18 CVEs
Jboss Bpm Suite
jboss_bpm_suite
18 CVEs
Wildfly
wildfly
18 CVEs
Codeready Linux Builder For Arm64 Eus
codeready_linux_builder_for_arm64_eus
18 CVEs
Codeready Linux Builder For Ibm Z Systems Eus
codeready_linux_builder_for_ibm_z_systems_eus
18 CVEs
Jboss Enterprise Soa Platform
jboss_enterprise_soa_platform
17 CVEs
Jboss A Mq
jboss_a-mq
17 CVEs
Ceph
ceph
17 CVEs
Codeready Linux Builder For Power Little Endian Eus
codeready_linux_builder_for_power_little_endian_eus
17 CVEs
Openshift Container Platform For Linuxone
openshift_container_platform_for_linuxone
17 CVEs
Jboss Enterprise Application Platform Expansion Pack
jboss_enterprise_application_platform_expansion_pack
17 CVEs
Codeready Linux Builder For Ibm Z Systems
codeready_linux_builder_for_ibm_z_systems
16 CVEs
Codeready Linux Builder For Power Little Endian
codeready_linux_builder_for_power_little_endian
16 CVEs

CVEs (5,674)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-0787
2Augeas
Redhat
2Augeas
Enterprise Linux
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
3.7 LOW· v2
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive i...Show more
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.Show less
CVE-2013-4214
2Nagios
Redhat
2Nagios
Openstack
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
6.3 MEDIUM· v2
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
CVE-2013-2029
1Redhat
1Openstack
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
6.3 MEDIUM· v2
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a...Show more
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.Show less
CVE-2013-4485
2Fedoraproject
Redhat
3389 Directory Server
Directory ServerEnterprise Linux
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
4.0 MEDIUM· v2
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
CVE-2013-4482
2Redhat
Scientificlinux
2Enterprise Linux
Luci
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
6.2 MEDIUM· v2
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current workin...Show more
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.Show less
CVE-2013-4481
2Redhat
Scientificlinux
2Enterprise Linux
Luci
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
1.9 LOW· v2
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "aut...Show more
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."Show less
CVE-2013-1813
3Busybox
RedhatT Mobile
3Busybox
Enterprise LinuxTm Ac1900
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
7.2 HIGH· v2
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
CVE-2013-0281
2Clusterlabs
Redhat
2Enterprise Linux
Pacemaker
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a d...Show more
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).Show less
CVE-2013-4386
2Redhat
Theforeman
2Foreman
Openstack
Apr 29, 2026
Nov 20, 2013
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2013-4480
2Redhat
Suse
5Linux Enterprise
ManagerNetwork Satellite+2 more
Apr 29, 2026
Nov 18, 2013
N/A· v4
N/A· v3
7.5 HIGH· v2
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVE-2013-4282
2Redhat
Spice Project
3Enterprise Linux
Enterprise VirtualizationSpice
Apr 29, 2026
Nov 2, 2013
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
CVE-2013-4401
1Redhat
1Libvirt
Apr 29, 2026
Nov 2, 2013
N/A· v4
N/A· v3
8.5 HIGH· v2
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execu...Show more
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.Show less
CVE-2013-4261
2Openstack
Redhat
3Folsom
GrizzlyOpenstack
Apr 29, 2026
Oct 29, 2013
N/A· v4
N/A· v3
3.5 LOW· v2
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (...Show more
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.Show less
CVE-2013-4185
2Openstack
Redhat
2Compute
Openstack
Apr 29, 2026
Oct 29, 2013
N/A· v4
N/A· v3
4.0 MEDIUM· v2
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users t...Show more
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.Show less
CVE-2013-2186
2Redhat
Ubuntu
5Jboss Enterprise Brms Platform
Jboss Enterprise Portal PlatformJboss Enterprise Web Server+2 more
Apr 29, 2026
Oct 28, 2013
N/A· v4
N/A· v3
7.5 HIGH· v2
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files vi...Show more
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.Show less
CVE-2013-2102
1Redhat
1Jboss Enterprise Portal Platform
Apr 29, 2026
Oct 28, 2013
N/A· v4
N/A· v3
3.3 LOW· v2
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive informati...Show more
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.Show less
CVE-2012-4572
1Redhat
2Jboss Enterprise Application Platform
Jboss Enterprise Portal Platform
Apr 29, 2026
Oct 28, 2013
N/A· v4
N/A· v3
3.7 LOW· v2
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loa...Show more
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.Show less
CVE-2012-4529
1Redhat
2Jboss Community Application Server
Jboss Enterprise Application Platform
Apr 29, 2026
Oct 28, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allow...Show more
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.Show less
CVE-2013-4299
2Linux
Redhat
2Enterprise Linux
Linux Kernel
Apr 29, 2026
Oct 24, 2013
N/A· v4
N/A· v3
6.0 MEDIUM· v2
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block dev...Show more
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.Show less
CVE-2013-4373
1Redhat
1Jboss Operations Network
Apr 29, 2026
Oct 24, 2013
N/A· v4
N/A· v3
3.2 LOW· v2
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to u...Show more
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.Show less