RED HAT — Vulnerabilities & Security Advisories 691

Browse all 691 CVE security advisories affecting RED HAT. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-6236 | Eap: oidc app attempting to access the second tenant, the user should be prompted to log — Red Hat JBoss Enterprise Application Platform 8 | CWE-345 | 7.3 | High | 2024-04-10 |
| CVE-2024-3446 | Qemu: virtio: dma reentrancy issue leads to double free vulnerability — Red Hat Enterprise Linux 8 | CWE-415 | 8.2 | High | 2024-04-09 |
| CVE-2023-5685 | Xnio: stackoverflowexception when the chain of notifier states becomes problematically big — Red Hat build of Apache Camel 4.4.0 for Spring Boot | CWE-400 | 7.5 | High | 2024-03-22 |
| CVE-2024-1394 | Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads — Red Hat Ansible Automation Platform 2.4 for RHEL 8 | CWE-401 | 7.5 | High | 2024-03-21 |
| CVE-2023-7250 | Iperf3: possible denial of service — Red Hat Enterprise Linux 8 | CWE-183 | 5.3 | Medium | 2024-03-18 |
| CVE-2024-1013 | Unixodbc: out of bounds stack write due to pointer-to-integer types conversion — Red Hat Enterprise Linux 6 | CWE-823 | 7.8 | High | 2024-03-18 |
| CVE-2023-6725 | Tripleo-ansible: bind keys are world readable — Red Hat OpenStack Platform 17.1 for RHEL 8 | CWE-1220 | 5.5 | Medium | 2024-03-15 |
| CVE-2023-6917 | Pcp: unsafe use of directories allows pcp to root privilege escalation — Red Hat Enterprise Linux 9 | CWE-367 | 6.0 | Medium | 2024-02-28 |
| CVE-2023-6681 | Jwcrypto: denail of service via specifically crafted jwe — Red Hat Enterprise Linux 8 | CWE-400 | 5.3 | Medium | 2024-02-12 |
| CVE-2024-1151 | Kernel: stack overflow problem in open vswitch kernel module leading to dos — Red Hat Enterprise Linux 9 | CWE-121 | 5.5 | Medium | 2024-02-11 |
| CVE-2023-6536 | Kernel: null pointer dereference in __nvmet_req_complete — Red Hat Enterprise Linux 8 | CWE-476 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-6535 | Kernel: null pointer dereference in nvmet_tcp_execute_request — Red Hat Enterprise Linux 8 | CWE-476 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-6356 | Kernel: null pointer dereference in nvmet_tcp_build_iovec — Red Hat Enterprise Linux 8 | CWE-476 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-4503 | Eap-galleon: custom provisioning creates unsecured http-invoker — EAP 7.4.14 | CWE-665 | 6.8 | Medium | 2024-02-06 |
| CVE-2023-7216 | Cpio: extraction allows symlinks which enables remote command execution — Red Hat Enterprise Linux 6 | CWE-59 | 5.3 | Medium | 2024-02-05 |
| CVE-2023-6240 | Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation — Red Hat Enterprise Linux 8 | CWE-203 | 6.5 | Medium | 2024-02-04 |
| CVE-2023-5992 | Opensc: side-channel leaks while stripping encryption pkcs#1 padding — Red Hat Enterprise Linux 8 | CWE-203 | 5.6 | Medium | 2024-01-31 |
| CVE-2023-40551 | Shim: out of bounds read when parsing mz binaries — Red Hat Enterprise Linux 7 | CWE-125 | 5.1 | Medium | 2024-01-29 |
| CVE-2023-40546 | Shim: out-of-bounds read printing error messages — Red Hat Enterprise Linux 7 | CWE-476 | 6.2 | Medium | 2024-01-29 |
| CVE-2023-40549 | Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file — Red Hat Enterprise Linux 7 | CWE-125 | 6.2 | Medium | 2024-01-29 |
| CVE-2023-40550 | Shim: out-of-bound read in verify_buffer_sbat() — Red Hat Enterprise Linux 7 | CWE-125 | 5.5 | Medium | 2024-01-29 |
| CVE-2023-40548 | Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems — Red Hat Enterprise Linux 7 | CWE-787 | 7.4 | High | 2024-01-29 |
| CVE-2024-0841 | Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function — Red Hat Enterprise Linux 8 | CWE-476 | 6.6 | Medium | 2024-01-28 |
| CVE-2023-6291 | Keycloak: redirect_uri validation bypass — Red Hat build of Keycloak 22 | CWE-601 | 7.1 | High | 2024-01-26 |
| CVE-2023-6267 | Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations. — Red Hat build of Quarkus 2.13.9.Final | CWE-755 | 8.6 | High | 2024-01-25 |
| CVE-2023-40547 | Shim: rce in http boot support may lead to secure boot bypass — Red Hat Enterprise Linux 7 | CWE-787 | 8.3 | High | 2024-01-25 |
| CVE-2023-39197 | Kernel: dccp: conntrack out-of-bounds read in nf_conntrack_dccp_packet() — Red Hat Enterprise Linux 6 | CWE-125 | 4.0 | Medium | 2024-01-23 |
| CVE-2023-6531 | Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf — Red Hat Enterprise Linux 9 | CWE-362 | 7.0 | High | 2024-01-21 |
| CVE-2023-6816 | Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer — Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | CWE-787 | 9.8 | Critical | 2024-01-18 |
| CVE-2023-4001 | Grub2: bypass the grub password protection feature — Red Hat Enterprise Linux 9 | CWE-290 | 6.8 | Medium | 2024-01-15 |

This page lists every published CVE security advisory associated with RED HAT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.