redhat

5,762 tracked vulnerabilities.

CVE-2024-5154 HIGH
cri-o - Path Traversal via Symbolic Link
Jun 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-3183 HIGH
Red Hat Enterprise Linux - Use of Password Hash With Insufficient Computational Effort in FreeIPA
Jun 12, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-3049 MEDIUM
Booth < 1.1 - Insufficient Verification of Data Authenticity
Jun 06, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-5037 HIGH
Red Hat OpenShift Container Platform 4.12-4.16 - Authentication Bypass via Forged JWT Token
Jun 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-4812 MEDIUM
Katello - Stored Cross-Site Scripting in User Description Field
Jun 05, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-3716 MEDIUM
Red Hat Satellite - Exposure of Sensitive Information via Candlepin Password Leak in Process List
Jun 05, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-3623 MEDIUM
Red Hat Mirror Registry - Plaintext Storage of Database Secret Key
Apr 25, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-3622 HIGH
Red Hat Mirror Registry - Plaintext Password Storage in Configuration Template
Apr 25, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-3508 MEDIUM
Trusted Profile Analyzer - Authenticated Unrestricted Upload of Compressed SBOM Files
Apr 25, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-1102 MEDIUM
jberet < 2.2.1 - Unprotected Credential Exposure via Exception Logging
Apr 25, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-1132 HIGH
Keycloak >=21.1.0 <22.0.10 - Open Redirect via Wildcard Valid Redirect URIs
Apr 17, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-3567 MEDIUM
QEMU 8.1.0-8.2.3 - Denial of Service via SCTP Checksum Calculation
Apr 10, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-0406 MEDIUM
mholt/archiver 3.0.0-4.0.0 - Path Traversal and Arbitrary File Write via Crafted Tar Archive
Apr 06, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-2496 MEDIUM
libvirt - Denial of Service via udevConnectListAllInterfaces NULL Pointer Dereference
Mar 18, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-2002 HIGH
libdwarf >=0.1.0 <0.9.2 - Double Free
Mar 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1725 MEDIUM
OpenShift Virtualization < - Privilege Escalation
Mar 07, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-1722 LOW
Keycloak - Unauthenticated Account Lockout Bypass
Feb 29, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-0560 MEDIUM
3scale - Improper Handling of Insufficient Permissions or Privileges in Token Introspection Policy
Feb 28, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-1635 HIGH
Netapp Active IQ Unified Manager < 2.3.12.Final - Denial of Service
Feb 19, 2024
CVSS 7.5
EPSS 0.05
CVE-2024-1488 HIGH
Unbound < 1.19.1-2.fc40 - Unauthenticated Configuration Manipulation via Localhost Port 8953
Feb 15, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-1485 HIGH
devfile/registry-support < 0.0.0-20240206 - Unauthenticated Path Traversal via Malicious Archive Decompression
Feb 14, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-1454 LOW
OpenSC < 0.25.0 - Use-After-Free in AuthentIC Driver Card Enrolment
Feb 12, 2024
CVSS 3.4
EPSS 0.00
CVE-2024-1459 MEDIUM
Undertow < 2.2.31.Final - Path Traversal via HTTP Request
Feb 12, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-1062 MEDIUM
389 Directory Server < 2.2.0 - Denial of Service via Heap Overflow in log_entry_attr
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-1151 MEDIUM
Linux Kernel - Stack-based Buffer Overflow in Open vSwitch
Feb 11, 2024
CVSS 5.5
EPSS 0.00