Redhat Security Vulnerabilities (CVEs)

This vulnerability in Squashfs-Tools allows directory traversal attacks during archive extraction. Attackers can craft malicious squashfs archives tha...

This vulnerability in the Linux kernel's virtio_console driver allows an untrusted virtual device to supply a buffer length value exceeding the actual...

CVE-2021-3580 is a vulnerability in nettle's RSA decryption functions where specially crafted ciphertext can cause application crashes and denial of s...

This vulnerability in QEMU's USB redirector device emulation allows a malicious SPICE client to trigger a heap corruption when packet queues fill duri...

A local privilege escalation vulnerability in Linux kernel versions before 5.9-rc1 allows attackers with local access to crash systems or gain root pr...

A buffer overflow vulnerability in the ptp4l program of the linuxptp package allows remote attackers to leak information, crash systems, or potentiall...

CVE-2020-25716 is a privilege escalation vulnerability in CloudForms where users with specific group permissions can perform administrator-only action...

This vulnerability allows attackers with access to containers using nmstate/kubernetes-nmstate-handler to modify the /etc/passwd file and escalate pri...

This vulnerability allows attackers with access to a container mounting /etc/kubernetes or local node access to copy the kubeconfig file and potential...

This vulnerability allows attackers with valid external authentication (SSO or OpenID) to impersonate existing local users in Red Hat Satellite, gaini...

CVE-2020-14326 is a denial-of-service vulnerability in RESTEasy's RootNode caching mechanism that allows attackers to cause hash flooding, resulting i...

CVE-2020-10771 is a CSRF vulnerability in Infinispan 10 that allows attackers to perform unauthorized actions via GET requests. This affects systems r...

CVE-2021-3412 is a brute force vulnerability in all versions of 3Scale developer portal that lacks login attempt protections. Attackers can exploit th...

CVE-2021-3516 is a use-after-free vulnerability in libxml2's xmllint tool that allows attackers to execute arbitrary code or cause denial of service b...

CVE-2020-25710 is an assertion failure vulnerability in OpenLDAP's csnNormalize23() function that allows remote attackers to crash the LDAP service by...

This vulnerability in Ansible Tower allows attackers to obtain non-expiring OAuth2 refresh tokens when requesting authentication tokens. Any user who ...

CVE-2018-10865 is an authorization bypass vulnerability in Red Hat Certification 7 that allows unauthenticated users to trigger restart operations on ...

CVE-2019-14836 is a Cross-Site Request Forgery (CSRF) vulnerability in the 3scale developer portal login mechanism. This allows attackers to trick aut...

CVE-2020-36332 is a memory exhaustion vulnerability in libwebp library versions before 1.0.1. When processing specially crafted WebP images, libwebp a...

This vulnerability in libdnf allows attackers to execute arbitrary code by modifying RPM package headers and tricking users into installing them. It a...

A use-after-free vulnerability in libxml2 versions before 2.9.11 allows attackers to submit crafted XML files to applications using this library, pote...

CVE-2020-25709 is an assertion failure vulnerability in OpenLDAP's slapd server that allows remote attackers to crash the service by sending specially...

This vulnerability allows attackers with access to log files to steal internal authentication tokens used between the noobaa operator and core compone...

This vulnerability exposes Ansible log files to all users during OpenStack stack operations, potentially revealing sensitive configuration data and cr...

This vulnerability in the Linux kernel's KVM API allows a user process to trigger an out-of-bounds write by manipulating the internal.ndata value. It ...

CVE-2021-3472 is an integer underflow vulnerability in xorg-x11-server that allows local attackers to escalate privileges on affected systems. This fl...

This vulnerability in GStreamer's Matroska demuxer allows attackers to trigger use-after-free conditions by processing specially crafted media files. ...

This CVE-2021-20288 vulnerability in Ceph allows attackers to reuse authentication keys by exploiting improper sanitization of other_keys during CEPHX...

This vulnerability in Nettle cryptographic library allows attackers to forge digital signatures by exploiting incorrect elliptic curve multiplication ...

A vulnerability in RPM's signature verification allows attackers to craft malicious packages that appear valid but corrupt the RPM database upon insta...

This vulnerability allows an attacker with access to a container running the vulnerable operator-framework/presto component in Red Hat OpenShift 4 to ...

This vulnerability allows attackers with access to a container running the operator-framework/hadoop in Red Hat OpenShift 4 to modify the /etc/passwd ...

This vulnerability allows an attacker with access to the operator-metering container in Red Hat OpenShift 4 to modify the /etc/passwd file, potentiall...

CVE-2019-19343 is a memory leak vulnerability in Undertow's HttpOpenListener when using Remoting in Red Hat JBoss EAP. This flaw allows attackers to c...

This vulnerability in Keycloak's new account console allows attackers to execute malicious code via manipulated referrer URLs. It affects Keycloak dep...

This vulnerability in Pygments' SMLLexer causes an infinite loop when processing Standard ML source files containing only the 'exception' keyword, lea...

CVE-2019-14852 is a cryptographic vulnerability in 3scale's APIcast gateway that allows TLS 1.0 protocol usage, enabling attackers to potentially decr...