Redhat Security Vulnerabilities (CVEs)
Track 318 security vulnerabilities affecting Redhat products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in OpenSC allows attackers to trigger a heap-based buffer out-of-bounds read by sending a specially crafted smart card package with...
Jun 1, 2023

CVE-2023-34152 is a critical remote code execution vulnerability in ImageMagick's OpenBlob function when compiled with --enable-pipes configuration. A...
May 30, 2023

This vulnerability in OpenLDAP causes a null pointer dereference in the ber_memalloc_x() function, which can lead to denial of service (DoS) by crashi...
May 30, 2023

This vulnerability in libreswan's IKEv1 Aggressive Mode implementation causes the pluto daemon to crash when receiving specially crafted packets. It a...
May 17, 2023

CVE-2023-2319 is a security regression in Red Hat Enterprise Linux 9.2 where a previously fixed Webpack vulnerability (CVE-2023-28154) was reintroduce...
May 17, 2023

CVE-2023-2203 is a use-after-free vulnerability in WebKitGTK caused by improper input validation. Attackers can exploit this by delivering specially c...
May 17, 2023

This vulnerability in the Linux kernel's RPL protocol handling allows unauthenticated remote attackers to trigger an assertion failure by sending spec...
May 9, 2023

CVE-2023-32233 is a use-after-free vulnerability in the Linux kernel's Netfilter nf_tables subsystem that allows unprivileged local users to perform a...
May 8, 2023

This CVE describes a use-after-free vulnerability in the ext4 filesystem that affects Apptainer container platform. It allows attackers to potentially...
Apr 25, 2023

CVE-2022-1274 is an HTML injection vulnerability in Keycloak's execute-actions-email endpoint that allows attackers to inject arbitrary HTML into emai...
Mar 29, 2023

CVE-2022-3787 is a local privilege escalation vulnerability in device-mapper-multipath where attackers can bypass access controls by writing to UNIX d...
Mar 29, 2023

A use-after-free vulnerability in the NFS server implementation in the Linux kernel allows a local attacker to crash the system or potentially leak ke...
Mar 29, 2023

This vulnerability allows a local unprivileged user on Windows systems running QEMU Guest Agent to manipulate the installer's repair custom actions, l...
Mar 29, 2023

A buffer overflow vulnerability in the Linux Kernel's Netfilter subsystem allows local attackers to leak memory addresses and potentially execute arbi...
Mar 27, 2023

CVE-2022-2237 is an open redirect vulnerability in Keycloak's Node.js adapter checkSso function. This allows attackers to redirect users to malicious ...
Mar 27, 2023

CVE-2023-0494 is a vulnerability in X.Org that allows attackers to exploit a dangling pointer in DeepCopyPointerClasses via ProcXkbSetDeviceInfo() and Proc...
Mar 27, 2023

A memory corruption vulnerability in the Linux kernel's HID subsystem allows local attackers to crash the system or potentially escalate privileges by...
Mar 27, 2023

This CVE describes an out-of-bounds read vulnerability in the Broadcom brcmfmac WiFi driver in the Linux kernel. When processing association request d...
Mar 27, 2023

An uncontrolled resource consumption vulnerability in HAProxy could allow an authenticated remote attacker to crash the service by running a specially...
Mar 23, 2023

This vulnerability in tripleo-ansible allows local attackers to discover sensitive configuration files through brute force directory exploration due t...
Mar 23, 2023

CVE-2022-4904 is a stack buffer overflow vulnerability in the c-ares DNS library's ares_set_sortlist function. Attackers can trigger denial of service...
Mar 6, 2023

CVE-2019-8720 is a memory corruption vulnerability in WebKit that allows arbitrary code execution when processing malicious web content. This affects ...
Mar 6, 2023

A use-after-free vulnerability in the Linux kernel's SGI GRU driver allows local attackers to crash the system or potentially escalate privileges. Thi...
Mar 6, 2023

CVE-2022-4492 is a server certificate validation bypass vulnerability in Undertow HTTP client. It allows attackers to perform man-in-the-middle attack...
Feb 23, 2023

This CVE describes a timing side-channel vulnerability in GnuTLS that allows attackers to perform Bleichenbacher-style attacks against RSA encryption....
Feb 15, 2023

This vulnerability in OpenStack Manila's Ceph filesystem integration allows a share owner to read or write any Manila share or the entire filesystem, ...
Jul 25, 2022

This vulnerability allows a client application with a valid access token to exchange tokens for any target client by specifying the target's client_id...
Jul 8, 2022

CVE-2021-3697 is a heap buffer underflow vulnerability in GRUB2's JPEG parser that allows a crafted JPEG image to corrupt heap memory. Successful expl...
Jul 6, 2022

CVE-2013-4561 is a temporary file handling vulnerability in OpenShift's mcollective facts update cron job that allows local attackers to overwrite arb...
Jun 30, 2022

This vulnerability allows attackers to bypass Secure Boot protections on specific Red Hat Enterprise Linux kernel builds for IBM Power architecture. W...
Jun 21, 2022

CVE-2022-32545 is an integer overflow vulnerability in ImageMagick's PSD file parser. When processing specially crafted or untrusted PSD files, i...
Jun 16, 2022

This CVE is an alignment vulnerability in ImageMagick's property.c file where misaligned memory access for double and float types can cause undefined ...
Jun 16, 2022

This XML External Entity (XXE) vulnerability in Drools allows attackers to read arbitrary files from the server filesystem or perform server-side requ...
Jun 16, 2022

CVE-2022-1998 is a use-after-free vulnerability in the Linux kernel's fanotify file system notification subsystem. A local attacker could trigger this...
Jun 9, 2022

This vulnerability in CRI-O allows attackers with Kube API access to cause memory or disk space exhaustion on Kubernetes nodes by executing commands t...
Jun 7, 2022

CVE-2022-1652 is a use-after-free vulnerability in the Linux kernel's floppy disk driver that allows local attackers to execute arbitrary code or caus...
Jun 2, 2022

CVE-2021-3717 is a security flaw in Wildfly's elytron configuration that incorrectly handles JBOSS_LOCAL_USER challenges. This allows any local user o...
May 24, 2022

CVE-2022-30599 is a critical SQL injection vulnerability in Moodle's badges functionality that allows attackers to execute arbitrary SQL commands. Thi...
May 18, 2022

An out-of-bounds read vulnerability in PCRE2 library's JIT compiler allows reading memory beyond allocated buffers during recursive regular expression...
May 16, 2022

A DMA reentrancy vulnerability in QEMU's USB EHCI controller emulation allows malicious guests to write crafted data to controller registers during pa...
May 2, 2022

This vulnerability in QEMU's QXL display device emulation allows a malicious privileged guest user to trigger an integer overflow and subsequent heap ...
Apr 29, 2022

A use-after-free vulnerability in the Linux kernel's sound subsystem allows local attackers to trigger race conditions in ALSA PCM ioctl operations. T...
Apr 29, 2022

CVE-2022-1227 is a privilege escalation vulnerability in Podman that allows attackers to gain host filesystem access when users run 'podman top' on ma...
Apr 29, 2022

A local privilege escalation vulnerability in the Linux kernel's pfkey_register function allows unprivileged local users to access kernel memory. This...
Apr 29, 2022

CVE-2021-3523 is a connection reuse vulnerability in 3Scale APICast that allows attackers to bypass API security restrictions when multiple APIs are h...
Apr 27, 2022

CVE-2022-28796 is a use-after-free vulnerability in the Linux kernel's jbd2 journaling subsystem caused by a transaction_t race condition. This allows...
Apr 8, 2022

This vulnerability in Podman and Moby (Docker Engine) allows containers to start with non-empty inheritable Linux process capabilities. An attacker wi...
Apr 4, 2022

This vulnerability in Keycloak allows session persistence after logout when using external SAML identity providers with specific Principal Type config...
Apr 1, 2022

CVE-2019-14839 is an information disclosure vulnerability in Business-central console where HTTP requests expose login credentials during authenticati...
Apr 1, 2022

CVE-2022-1055 is a use-after-free vulnerability in the Linux kernel's tc_new_tfilter function that allows local attackers to escalate privileges. The ...
Mar 29, 2022

Why Monitor Redhat Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 318+ known vulnerabilities affecting Redhat products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Redhat packages in under 60 seconds. No agents required - completely agentless scanning that works across Redhat deployments.
Free vulnerability database: Access detailed information about every Redhat CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Redhat CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions