Vulnerabilities in RED HAT

1,478 results
CVE-2019-3869 | HIGH | When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variabl | EPSS 1.3%
CVE-2018-10841 | MEDIUM | glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with | EPSS 1.3%
CVE-2017-2590 | HIGH | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions | EPSS 1.3%
CVE-2020-1731 | CRITICAL | A flaw was found in all versions of the Keycloak operator, before version 8.0.2, (community only) where the operator generates a random admin | EPSS 1.3%
CVE-2024-3727 | HIGH | Containers/image: digest type does not guarantee valid type | EPSS 1.3%
CVE-2018-1127 | MEDIUM | Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain a | EPSS 1.3%
CVE-2023-6683 | MEDIUM | Qemu: vnc: null pointer dereference in qemu_clipboard_request() | EPSS 1.3%
CVE-2016-8608 | MEDIUM | JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5 | EPSS 1.3%
CVE-2023-5981 | MEDIUM | Gnutls: timing side-channel in the rsa-psk authentication | EPSS 1.3%
CVE-2024-3657 | HIGH | 389-ds-base: potential denial of service via specially crafted kerberos as-req request | EPSS 1.3%
CVE-2024-10270 | MEDIUM | Org.keycloak:keycloak-services: keycloak denial of service | EPSS 1.3%
CVE-2023-6563 | HIGH | Keycloak: offline session token dos | EPSS 1.2%
CVE-2024-5154 | HIGH | Cri-o: malicious container can create symlink on host | EPSS 1.2%
CVE-2024-0229 | HIGH | Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access | EPSS 1.2%
CVE-2026-42009 | HIGH | Gnutls: gnutls: denial of service via dtls packet reordering vulnerability | EPSS 1.2%
CVE-2026-33846 | HIGH | Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly | EPSS 1.2%
CVE-2023-4853 | HIGH | Quarkus: http security policy bypass | EPSS 1.2%
CVE-2020-25633 | MEDIUM | A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentia | EPSS 1.2%
CVE-2024-3884 | HIGH | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | EPSS 1.2%
CVE-2025-3891 | HIGH | Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled | EPSS 1.2%