Vulnerabilities in Red Hat

1513 results
Vexday Analysis

With 1,477 CVEs cataloged and 232 appearing in the last 90 days alone, the volume of vulnerabilities associated with Red Hat requires continuous monitoring. The active exploitation rate is below the catalog-wide average, with only 1 CVE confirmed in the CISA KEV: CVE-2023-4911, which has an EPSS of 0.7861, indicating a high probability of exploitation and deserving priority attention from response teams. Of the 34 critical-severity vulnerabilities, 18 have a publicly available proof of concept, which lowers the technical barrier to exploitation and increases operational risk. The most recurrent flaw type is CWE-125 (out-of-bounds read), a pattern that frequently enables data leakage or memory corruption and should guide hardening reviews and patch prioritization.

CVE-2026-1539 | MEDIUM | Libsoup: libsoup: credential leakage via http redirects | EPSS 0.2%
CVE-2023-3773 | MEDIUM | Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr | EPSS 0.2%
CVE-2026-10609 | MEDIUM | Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization | EPSS 0.2%
CVE-2026-1518 | LOW | Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak | EPSS 0.2%
CVE-2024-0340 | MEDIUM | Kernel: information disclosure in vhost/vhost.c:vhost_new_msg() | EPSS 0.2%
CVE-2025-0750 | MEDIUM | Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting | EPSS 0.2%
CVE-2024-45781 | MEDIUM | Grub2: fs/ufs: oob write in the heap | EPSS 0.2%
CVE-2025-12103 | MEDIUM | Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace | EPSS 0.2%
CVE-2023-3180 | MEDIUM | Heap buffer overflow in virtio_crypto_sym_op_helper() | EPSS 0.2%
CVE-2023-5090 | MEDIUM | Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs | EPSS 0.2%
CVE-2024-45776 | MEDIUM | Grub2: grub-core/gettext: integer overflow leads to heap oob write and read. | EPSS 0.2%
CVE-2025-66286 | MEDIUM | Webkitgtk: authorization bypass through webpage::send-request signal handler | EPSS 0.2%
CVE-2023-1476 | HIGH | Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222 | EPSS 0.2%
CVE-2026-7500 | MEDIUM | Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled | EPSS 0.2%
CVE-2024-45777 | MEDIUM | Grub2: grub-core/gettext: integer overflow leads to heap oob write. | EPSS 0.2%
CVE-2023-4065 | MEDIUM | Operator: plaintext password in operator log | EPSS 0.2%
CVE-2025-1272 | HIGH | Kernel: secure boot does not automatically enable kernel lockdown | EPSS 0.2%
CVE-2023-5088 | MEDIUM | Qemu: improper ide controller reset can lead to mbr overwrite | EPSS 0.2%
CVE-2024-8939 | MEDIUM | Vllm: denials of service in vllm json web api | EPSS 0.2%
CVE-2026-46579 | HIGH | Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend | EPSS 0.2%