Vulnerabilities in RED HAT
1485 results

CVE-2023-3640 | HIGH | Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space | EPSS 0.7%
CVE-2024-28834 | MEDIUM | Gnutls: vulnerable to minerva side-channel information leak | EPSS 0.7%
CVE-2019-10159 | MEDIUM | cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration | EPSS 0.7%
CVE-2023-5380 | MEDIUM | Xorg-x11-server: use-after-free bug in destroywindow | EPSS 0.7%
CVE-2019-10201 | HIGH | It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML | EPSS 0.7%
CVE-2023-6717 | MEDIUM | Keycloak: xss via assertion consumer service url in saml post-binding flow | EPSS 0.7%
CVE-2022-3962 | MEDIUM | Kiali: error message spoofing in kiali ui | EPSS 0.7%
CVE-2023-1625 | HIGH | Information leak in api | EPSS 0.7%
CVE-2024-0822 | HIGH | Ovirt: authentication bypass | EPSS 0.7%
CVE-2023-2974 | MEDIUM | Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol | EPSS 0.7%
CVE-2026-28367 | HIGH | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | EPSS 0.7%
CVE-2026-28368 | HIGH | Undertow: undertow: request smuggling via inconsistent header parsing | EPSS 0.7%
CVE-2025-10725 | CRITICAL | Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin | EPSS 0.7%
CVE-2019-3872 | MEDIUM | It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x an | EPSS 0.7%
CVE-2022-4132 | MEDIUM | Memory leak on tls connections | EPSS 0.7%
CVE-2022-4245 | MEDIUM | Codehaus-plexus: xml external entity (xxe) injection | EPSS 0.7%
CVE-2023-2585 | LOW | Keycloak: client access via device auth request spoof | EPSS 0.7%
CVE-2025-32913 | HIGH | Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header | EPSS 0.7%
CVE-2024-11738 | MEDIUM | Rustls: rustls network-reachable panic in `acceptor::accept` | EPSS 0.7%
CVE-2026-4111 | HIGH | Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive | EPSS 0.7%