redhat

5,762 tracked vulnerabilities.

CVE-2026-12892 MEDIUM
GStreamer gst-plugins-bad H.264 Parser - Out-of-Bounds Read
Jun 23, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-12891 MEDIUM
GStreamer gst-plugins-bad H.266 Parser - Out-of-Bounds Read
Jun 23, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-12112 HIGH
Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
Jun 23, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-11820 MEDIUM
Ansible community.general nexmo - API Credentials Exposed in GET URL
Jun 23, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-11819 MEDIUM
Community.general: community.general keyring_info — os keyring passphrase returned in plaintext
Jun 23, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-12969 MEDIUM
Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation
Jun 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-10609 MEDIUM
Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization
Jun 23, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-55655 MEDIUM
Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions
Jun 23, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-55654 LOW
Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination
Jun 23, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-55653 MEDIUM
Red Hat Enterprise Linux OpenSSH DH-GEX Client - Double Free Denial of Service
Jun 23, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-12725 MEDIUM
Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies
Jun 22, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-12549 MEDIUM
libsoup SoupServer - Range Suffix Overflow Regression
Jun 22, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-54100 HIGH
Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft
Jun 22, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-54099 HIGH
Red Hat OpenShift WMCO WICD CSR - Cluster-Admin Privilege Escalation
Jun 22, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-11791 MEDIUM
389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()
Jun 18, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-47774 HIGH
Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification
Jun 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-12528 MEDIUM
389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__normalize_acltxt()
Jun 17, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-1767 MEDIUM
GNOME localsearch MP3 Extractor - Heap Buffer Overflow
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1766 MEDIUM
Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1764 MEDIUM
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-54231 MEDIUM
Abrt: unsanitized systemd journal content written to dump directory files enables content injection
Jun 13, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-54230 HIGH
Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites
Jun 13, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-11793 MEDIUM
389-ds-base: 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing
Jun 09, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-11790 MEDIUM
389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service
Jun 09, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-11789 MEDIUM
389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash
Jun 09, 2026
CVSS 4.9
EPSS 0.00