Red Hat Enterprise Linux 10 — Vulnerabilities & Security Advisories 121

All 121 CVE vulnerabilities found in Red Hat Enterprise Linux 10, with AI-generated Chinese analysis, references, and POCs.

This page is an aggregation of Common Weakness Enumeration vulnerabilities associated with Red Hat Enterprise Linux 10. It compiles security issues affecting this specific operating system distribution, providing a consolidated view of weaknesses rather than isolated reports. The content on this page collects a broad spectrum of vulnerability types, including privilege escalation, cross-site scripting, denial of service, and information disclosure flaws. The time range covered spans from the initial release of Red Hat Enterprise Linux 10 to the most recent published advisories and patches. This ensures that both historical context and current risk landscapes are represented for system administrators and security analysts. Here, you can discover detailed tracking of vendor advisories released by Red Hat for this product. You can also gain a deeper understanding of specific weakness classes by examining how they manifest within the kernel and user-space components of the operating system. Additionally, the page allows you to look up the vulnerability history of Red Hat Enterprise Linux 10, helping you assess the evolution of security posture over time. This information supports informed decision-making regarding patch management, configuration hardening, and compliance auditing. By aggregating these data points, the page serves as a central reference for evaluating the security health of deployments running this major enterprise Linux platform. It facilitates comprehensive analysis without requiring navigation through multiple disparate sources, thereby streamlining the vulnerability assessment process for IT security teams managing RHEL 10 environments.

Vendor: Red Hat

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-12505 | Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall | CWE-250 | 7.8 | High | 2026-06-18 |
| CVE-2026-4367 | Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing | CWE-125 | 5.5 | Medium | 2026-06-16 |
| CVE-2026-10649 | Pacemaker: pacemaker: denial of service via integer overflow in remote message decompression | CWE-190 | 8.6 | High | 2026-06-16 |
| CVE-2026-42014 | Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin | CWE-825 | 6.6 | Medium | 2026-06-16 |
| CVE-2026-1767 | Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags | CWE-805 | 5.6 | Medium | 2026-06-16 |
| CVE-2026-1766 | Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files. | CWE-805 | 5.6 | Medium | 2026-06-16 |
| CVE-2026-1765 | Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potential information disclosure via crafted mp3 files | CWE-125 | 5.6 | Medium | 2026-06-16 |
| CVE-2026-1764 | Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files | CWE-125 | 5.6 | Medium | 2026-06-16 |
| CVE-2026-52718 | Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion | CWE-617 | 6.5 | Medium | 2026-06-15 |
| CVE-2026-52722 | Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling | CWE-190 | 7.1 | High | 2026-06-15 |
| CVE-2026-52720 | Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb | CWE-122 | 8.8 | High | 2026-06-15 |
| CVE-2026-53703 | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser | CWE-125 | 7.1 | High | 2026-06-15 |
| CVE-2026-53704 | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser | CWE-125 | 7.1 | High | 2026-06-15 |
| CVE-2026-52721 | Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing | CWE-125 | 5.3 | Medium | 2026-06-15 |
| CVE-2026-53705 | Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow | CWE-190 | 7.6 | High | 2026-06-15 |
| CVE-2026-52719 | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder | CWE-125 | 7.1 | High | 2026-06-15 |
| CVE-2026-53702 | Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser | CWE-787 | 6.5 | Medium | 2026-06-11 |
| CVE-2026-53701 | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser | CWE-787 | 6.5 | Medium | 2026-06-11 |
| CVE-2026-6893 | Dracut: dracut: root code execution via dhcp options command injection | CWE-78 | 7.5 | High | 2026-06-10 |
| CVE-2026-11837 | Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown | CWE-59 | 7.3 | High | 2026-06-10 |
| CVE-2026-3238 | Samba: denial of service against ad dc wins server | CWE-476 | 7.5 | High | 2026-06-08 |
| CVE-2026-5419 | Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal | CWE-208 | 3.7 | Low | 2026-06-01 |
| CVE-2026-43958 | Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service | CWE-121 | 7.8 | High | 2026-06-01 |
| CVE-2026-10118 | Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication | CWE-190 | 7.8 | High | 2026-06-01 |
| CVE-2026-6324 | Libsoup: libsoup: http request smuggling via unsigned to signed conversion error | CWE-444 | 4.8 | Medium | 2026-05-29 |
| CVE-2026-10028 | Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain | CWE-835 | 4.3 | Medium | 2026-05-28 |
| CVE-2026-4408 | Samba: remote code execution in samr | CWE-78 | 9.0 | Critical | 2026-05-28 |
| CVE-2026-1933 | Samba: missing access check on reparse point operations | CWE-284 | 7.1 | High | 2026-05-27 |
| CVE-2026-2340 | Samba: vfs_worm does not block directory modification | CWE-280 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-3012 | Samba: group policy certificate enrollment uses http:// without validation | CWE-345 | 8.0 | High | 2026-05-27 |