← Back

Redhat

redhat

5,653 CVEs • 536 products

Products (536)

Click to collapse
Toggle
Enterprise Linux Desktop
enterprise_linux_desktop
1,928 CVEs
Enterprise Linux Server
enterprise_linux_server
1,891 CVEs
Enterprise Linux Workstation
enterprise_linux_workstation
1,845 CVEs
Enterprise Linux
enterprise_linux
1,788 CVEs
Enterprise Linux Server Aus
enterprise_linux_server_aus
1,058 CVEs
Enterprise Linux Eus
enterprise_linux_eus
779 CVEs
Enterprise Linux Server Tus
enterprise_linux_server_tus
767 CVEs
Enterprise Linux Server Eus
enterprise_linux_server_eus
622 CVEs
Openshift Container Platform
openshift_container_platform
297 CVEs
Jboss Enterprise Application Platform
jboss_enterprise_application_platform
243 CVEs
Linux
linux
229 CVEs
Satellite
satellite
225 CVEs
Openstack
openstack
210 CVEs
Enterprise Linux Hpc Node
enterprise_linux_hpc_node
146 CVEs
Openshift
openshift
146 CVEs
Software Collections
software_collections
136 CVEs
Virtualization
virtualization
128 CVEs
Enterprise Linux For Ibm Z Systems
enterprise_linux_for_ibm_z_systems
112 CVEs
Single Sign On
single_sign_on
112 CVEs
Enterprise Linux For Power Little Endian
enterprise_linux_for_power_little_endian
106 CVEs
Keycloak
keycloak
98 CVEs
Enterprise Linux For Power Little Endian Eus
enterprise_linux_for_power_little_endian_eus
93 CVEs
Enterprise Linux For Ibm Z Systems Eus
enterprise_linux_for_ibm_z_systems_eus
87 CVEs
Enterprise Linux Workstation Supplementary
enterprise_linux_workstation_supplementary
86 CVEs
Enterprise Linux Desktop Supplementary
enterprise_linux_desktop_supplementary
84 CVEs
Enterprise Linux Server Supplementary
enterprise_linux_server_supplementary
84 CVEs
Virtualization Host
virtualization_host
84 CVEs
Enterprise Linux Server Supplementary Eus
enterprise_linux_server_supplementary_eus
83 CVEs
Enterprise Linux Hpc Node Eus
enterprise_linux_hpc_node_eus
81 CVEs
Fedora Core
fedora_core
77 CVEs
Enterprise Mrg
enterprise_mrg
73 CVEs
Libvirt
libvirt
73 CVEs
Enterprise Linux For Scientific Computing
enterprise_linux_for_scientific_computing
71 CVEs
Linux Advanced Workstation
linux_advanced_workstation
65 CVEs
Ansible Tower
ansible_tower
64 CVEs
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
63 CVEs
Build Of Keycloak
build_of_keycloak
55 CVEs
Cloudforms
cloudforms
48 CVEs
Enterprise Linux For Arm 64
enterprise_linux_for_arm_64
46 CVEs
Enterprise Linux For Power Big Endian
enterprise_linux_for_power_big_endian
45 CVEs
Ansible
ansible
45 CVEs
Ceph Storage
ceph_storage
45 CVEs
Enterprise Linux Aus
enterprise_linux_aus
44 CVEs
Linux Desktop
linux_desktop
44 CVEs
Linux Server
linux_server
44 CVEs
Linux Workstation
linux_workstation
44 CVEs
Enterprise Linux Server Update Services For Sap Solutions
enterprise_linux_server_update_services_for_sap_solutions
43 CVEs
Enterprise Linux For Real Time
enterprise_linux_for_real_time
43 CVEs
Cloudforms Management Engine
cloudforms_management_engine
42 CVEs
Jboss Fuse
jboss_fuse
42 CVEs
Codeready Linux Builder
codeready_linux_builder
42 CVEs
Undertow
undertow
40 CVEs
Openstack Platform
openstack_platform
39 CVEs
Enterprise Linux For Real Time For Nfv
enterprise_linux_for_real_time_for_nfv
37 CVEs
Enterprise Linux For Arm 64 Eus
enterprise_linux_for_arm_64_eus
37 CVEs
Enterprise Virtualization
enterprise_virtualization
36 CVEs
Jboss Enterprise Web Server
jboss_enterprise_web_server
35 CVEs
Jboss Core Services
jboss_core_services
33 CVEs
Openshift Application Runtimes
openshift_application_runtimes
33 CVEs
Storage
storage
31 CVEs
Quay
quay
31 CVEs
Fuse
fuse
28 CVEs
Directory Server
directory_server
27 CVEs
Gluster Storage
gluster_storage
25 CVEs
Jboss Data Grid
jboss_data_grid
25 CVEs
Ansible Engine
ansible_engine
25 CVEs
Enterprise Linux Update Services For Sap Solutions
enterprise_linux_update_services_for_sap_solutions
25 CVEs
Jboss Operations Network
jboss_operations_network
24 CVEs
Process Automation
process_automation
24 CVEs
Ansible Automation Platform
ansible_automation_platform
24 CVEs
Jboss Enterprise Brms Platform
jboss_enterprise_brms_platform
23 CVEs
Openshift Container Platform For Power
openshift_container_platform_for_power
23 CVEs
Hardened Images
hardened_images
23 CVEs
Jboss Enterprise Portal Platform
jboss_enterprise_portal_platform
22 CVEs
Enterprise Linux For Real Time For Nfv Tus
enterprise_linux_for_real_time_for_nfv_tus
22 CVEs
Jboss Enterprise Web Platform
jboss_enterprise_web_platform
21 CVEs
Data Grid
data_grid
21 CVEs
Enterprise Linux For Real Time Tus
enterprise_linux_for_real_time_tus
21 CVEs
Openshift Service Mesh
openshift_service_mesh
21 CVEs
Build Of Quarkus
build_of_quarkus
21 CVEs
Enterprise Linux For Power Big Endian Eus
enterprise_linux_for_power_big_endian_eus
20 CVEs
Enterprise Linux Tus
enterprise_linux_tus
20 CVEs
Decision Manager
decision_manager
20 CVEs
Codeready Linux Builder Eus
codeready_linux_builder_eus
20 CVEs
Integration Camel K
integration_camel_k
20 CVEs
Enterprise Virtualization Manager
enterprise_virtualization_manager
19 CVEs
Certificate System
certificate_system
18 CVEs
Resteasy
resteasy
18 CVEs
Jboss Bpm Suite
jboss_bpm_suite
18 CVEs
Wildfly
wildfly
18 CVEs
Codeready Linux Builder For Arm64 Eus
codeready_linux_builder_for_arm64_eus
18 CVEs
Codeready Linux Builder For Ibm Z Systems Eus
codeready_linux_builder_for_ibm_z_systems_eus
18 CVEs
Jboss Enterprise Soa Platform
jboss_enterprise_soa_platform
17 CVEs
Jboss A Mq
jboss_a-mq
17 CVEs
Ceph
ceph
17 CVEs
Codeready Linux Builder For Power Little Endian Eus
codeready_linux_builder_for_power_little_endian_eus
17 CVEs
Openshift Container Platform For Linuxone
openshift_container_platform_for_linuxone
17 CVEs
Jboss Enterprise Application Platform Expansion Pack
jboss_enterprise_application_platform_expansion_pack
17 CVEs
Codeready Linux Builder For Ibm Z Systems
codeready_linux_builder_for_ibm_z_systems
16 CVEs
Codeready Linux Builder For Power Little Endian
codeready_linux_builder_for_power_little_endian
16 CVEs

CVEs (5,653)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-0456
1Redhat
1Apicast
Nov 21, 2024
Sep 27, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting ac...Show more
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.Show less
CVE-2023-42753
3Debian
LinuxRedhat
3Debian Linux
Enterprise LinuxLinux Kernel
Nov 21, 2024
Sep 25, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitraril...Show more
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.Show less
CVE-2022-4318
3Fedoraproject
KubernetesRedhat
7Cri O
Extra Packages For Enterprise LinuxFedora+4 more
Nov 21, 2024
Sep 25, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVE-2022-4245
2Codehaus Plexus
Redhat
2Integration Camel K
Plexus Utils
Nov 21, 2024
Sep 25, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpre...Show more
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.Show less
CVE-2022-4244
2Codehaus Plexus
Redhat
2Integration Camel K
Plexus Utils
May 5, 2025
Sep 25, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)"...Show more
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.Show less
CVE-2022-4137
1Redhat
2Keycloak
Single Sign On
Nov 21, 2024
Sep 25, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. Th...Show more
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.Show less
CVE-2023-4156
3Fedoraproject
GnuRedhat
3Enterprise Linux
FedoraGawk
Nov 21, 2024
Sep 25, 2023
N/A· v4
7.1 HIGH· v3
N/A· v2
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
CVE-2023-5156
2Gnu
Redhat
2Enterprise Linux
Glibc
Nov 21, 2024
Sep 25, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
CVE-2023-1636
2Openstack
Redhat
2Barbican
Openstack Platform
Nov 21, 2024
Sep 24, 2023
N/A· v4
5.0 MEDIUM· v3
N/A· v2
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespac...Show more
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.Show less
CVE-2023-1633
2Openstack
Redhat
2Barbican
Openstack Platform
Nov 21, 2024
Sep 24, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
CVE-2023-1625
2Openstack
Redhat
2Heat
Openstack Platform
Nov 21, 2024
Sep 24, 2023
N/A· v4
5.0 MEDIUM· v3
N/A· v2
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impac...Show more
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.Show less
CVE-2023-1260
2Kubernetes
Redhat
2Kube Apiserver
Openshift Container Platform
Nov 21, 2024
Sep 24, 2023
N/A· v4
8.0 HIGH· v3
N/A· v2
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource b...Show more
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.Show less
CVE-2022-3962
2Kiali
Redhat
2Kiali
Openshift Service Mesh
Nov 21, 2024
Sep 23, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbit...Show more
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.Show less
CVE-2022-4039
1Redhat
5Openshift Container Platform
Openshift Container Platform For Ibm ZOpenshift Container Platform For Linuxone+2 more
Nov 21, 2024
Sep 22, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code...Show more
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.Show less
CVE-2022-3874
2Redhat
Theforeman
2Foreman
Satellite
Nov 21, 2024
Sep 22, 2023
N/A· v4
9.1 CRITICAL· v3
N/A· v2
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, poss...Show more
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.Show less
CVE-2022-3596
1Redhat
1Openstack Platform
Nov 21, 2024
Sep 20, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising p...Show more
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.Show less
CVE-2022-3916
1Redhat
6Keycloak
Openshift Container PlatformOpenshift Container Platform For Linuxone+3 more
Nov 21, 2024
Sep 20, 2023
N/A· v4
6.8 MEDIUM· v3
N/A· v2
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session...Show more
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.Show less
CVE-2023-0462
2Redhat
Theforeman
2Foreman
Satellite
Nov 21, 2024
Sep 20, 2023
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
CVE-2023-0118
2Redhat
Theforeman
2Foreman
Satellite
Nov 21, 2024
Sep 20, 2023
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
CVE-2022-1438
1Redhat
1Keycloak
Nov 21, 2024
Sep 20, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.