Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Red Hat Hardened Images — Vulnerabilities & Security Advisories 36

All 36 CVE vulnerabilities found in Red Hat Hardened Images, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumeration (CWE) vulnerabilities associated with Red Hat Hardened Images provided by Red Hat. It focuses specifically on security flaws identified within these pre-configured, security-enhanced container and virtual machine images designed for high-assurance environments. The collection includes a comprehensive range of vulnerability types, such as buffer overflows, injection flaws, improper access control, and cryptographic failures, among others. The data covers historical records dating back to the early days of the product’s release cycle and extends through the most recent updates, ensuring that both legacy and contemporary security issues are documented. This temporal scope allows users to analyze long-term security trends and the impact of subsequent patch cycles on the overall attack surface of the hardened images. Users can utilize this resource to track vendor-specific advisories issued by Red Hat for these particular image builds, facilitating quicker incident response and remediation planning. Additionally, the page serves as a reference point for understanding the prevalence and characteristics of specific weakness classes within hardened infrastructure components. Administrators can also look up the complete vulnerability history of Red Hat Hardened Images to assess risk exposure over time, compare against baseline security standards, and verify the effectiveness of security hardening measures applied across different versions.

Vendor: Red Hat

CVE IDTitleCVSSSeverityPublished
CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header 3.9 Low2026-07-10
CVE-2026-14164 Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack() CWE-415 7.5 High2026-06-30
CVE-2026-13757 P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing CWE-674 6.2 Medium2026-06-29
CVE-2026-12912 Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image CWE-122 7.3 High2026-06-29
CVE-2026-13595 Util-linux: util-linux: heap use-after-free in libblkid nested partition probing CWE-416 6.8 Medium2026-06-29
CVE-2026-55654 Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination CWE-125 3.7 Low2026-06-23
CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions CWE-923 5.0 Medium2026-06-23
CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service CWE-415 4.3 Medium2026-06-23
CVE-2026-56211 Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames CWE-787 7.1 High2026-06-19
CVE-2026-56210 Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id CWE-125 7.1 High2026-06-19
CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack CWE-787 7.1 High2026-06-19
CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode CWE-122 7.6 High2026-06-19
CVE-2026-12515 Katello: missing repository authorization in content_uploads exposes cross-product content existence CWE-862 4.3 Medium2026-06-17
CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing CWE-125 5.5 Medium2026-06-16
CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read CWE-191 5.0 Medium2026-06-11
CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command CWE-78 7.0 High2026-05-28
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document CWE-843 6.5 Medium2026-04-23
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing CWE-122 7.8 High2026-04-22
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file CWE-476 5.0 Medium2026-04-22
CVE-2026-1584 Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder CWE-476 7.5 High2026-04-09
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows CWE-427 7.8 High2026-04-07
CVE-2026-5745 Libarchive: a null pointer dereference vulnerability exists in the acl parser of libarchive CWE-476 5.5 Medium2026-04-07
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization CWE-289 3.7 Low2026-04-03
CVE-2026-2625 Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification CWE-347 4.0 Medium2026-04-03
CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library CWE-125 6.1 Medium2026-03-23
CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing CWE-1335 6.5 Medium2026-03-19
CVE-2026-3441 Binutils: gnu binutils: information disclosure via specially crafted xcoff object file CWE-125 6.1 Medium2026-03-15
CVE-2026-3442 Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker CWE-125 6.1 Medium2026-03-15
CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method CWE-284 6.7 Medium2026-03-13
CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries CWE-73 7.0 High2026-02-11

All 36 known CVE vulnerabilities affecting Red Hat Hardened Images with full Chinese analysis, references, and POCs where available.