RED HAT — Vulnerabilities & Security Advisories 691

Browse all 691 CVE security advisories affecting RED HAT. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

Found 66 results / 691
| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5119 | Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment | Red Hat Enterprise Linux 8 | CWE-319 | 5.9 | Medium | 2026-03-30 |
| CVE-2024-3446 | Qemu: virtio: dma reentrancy issue leads to double free vulnerability | Red Hat Enterprise Linux 8 | CWE-415 | 8.2 | High | 2024-04-09 |
| CVE-2023-7250 | Iperf3: possible denial of service | Red Hat Enterprise Linux 8 | CWE-183 | 5.3 | Medium | 2024-03-18 |
| CVE-2023-6681 | Jwcrypto: denial of service via specifically crafted jwe | Red Hat Enterprise Linux 8 | CWE-400 | 5.3 | Medium | 2024-02-12 |
| CVE-2023-6536 | Kernel: null pointer dereference in __nvmet_req_complete | Red Hat Enterprise Linux 8 | CWE-476 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-6535 | Kernel: null pointer dereference in nvmet_tcp_execute_request | Red Hat Enterprise Linux 8 | CWE-476 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-6356 | Kernel: null pointer dereference in nvmet_tcp_build_iovec | Red Hat Enterprise Linux 8 | CWE-476 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-6240 | Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation | Red Hat Enterprise Linux 8 | CWE-203 | 6.5 | Medium | 2024-02-04 |
| CVE-2023-5992 | Opensc: side-channel leaks while stripping encryption pkcs#1 padding | Red Hat Enterprise Linux 8 | CWE-203 | 5.6 | Medium | 2024-01-31 |
| CVE-2024-0841 | Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function | Red Hat Enterprise Linux 8 | CWE-476 | 6.6 | Medium | 2024-01-28 |
| CVE-2023-6915 | Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c | Red Hat Enterprise Linux 8 | CWE-476 | 6.2 | Medium | 2024-01-15 |
| CVE-2023-6683 | Qemu: vnc: null pointer dereference in qemu_clipboard_request() | Red Hat Enterprise Linux 8 | CWE-476 | 6.5 | Medium | 2024-01-12 |
| CVE-2023-6004 | Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname | Red Hat Enterprise Linux 8 | CWE-74 | 4.8 | Medium | 2024-01-03 |
| CVE-2023-6693 | Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx() | Red Hat Enterprise Linux 8 | CWE-121 | 4.9 | Medium | 2024-01-02 |
| CVE-2023-7008 | Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes | Red Hat Enterprise Linux 8 | CWE-300 | 5.9 | Medium | 2023-12-23 |
| CVE-2023-6546 | Kernel: gsm multiplexing race condition leads to privilege escalation | Red Hat Enterprise Linux 8 | CWE-366 | 7.0 | High | 2023-12-21 |
| CVE-2023-6918 | Libssh: missing checks for return values for digests | Red Hat Enterprise Linux 8 | CWE-252 | 3.7 | Low | 2023-12-18 |
| CVE-2023-6228 | Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c | Red Hat Enterprise Linux 8 | CWE-787 | 3.3 | Low | 2023-12-18 |
| CVE-2023-6622 | Kernel: null pointer dereference vulnerability in nft_dynset_init() | Red Hat Enterprise Linux 8 | CWE-476 | 5.5 | Medium | 2023-12-08 |
| CVE-2023-6610 | Kernel: oob access in smb2_dump_detail | Red Hat Enterprise Linux 8 | CWE-125 | 7.1 | High | 2023-12-08 |
| CVE-2023-6606 | Kernel: out-of-bounds read vulnerability in smbcalcsize | Red Hat Enterprise Linux 8 | CWE-125 | 7.1 | High | 2023-12-08 |
| CVE-2023-5981 | Gnutls: timing side-channel in the rsa-psk authentication | Red Hat Enterprise Linux 8 | CWE-208 | 5.9 | Medium | 2023-11-28 |
| CVE-2023-6176 | Kernel: local dos vulnerability in scatterwalk_copychunks | Red Hat Enterprise Linux 8 | | 4.7 | Medium | 2023-11-16 |
| CVE-2023-6121 | Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get | Red Hat Enterprise Linux 8 | CWE-125 | 4.3 | Medium | 2023-11-16 |
| CVE-2023-39198 | Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create() | Red Hat Enterprise Linux 8 | CWE-416 | 7.5 | High | 2023-11-09 |
| CVE-2023-5090 | Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs | Red Hat Enterprise Linux 8 | CWE-755 | 6.0 | Medium | 2023-11-06 |
| CVE-2023-5088 | Qemu: improper ide controller reset can lead to mbr overwrite | Red Hat Enterprise Linux 8 | CWE-821 | 6.4 | Medium | 2023-11-03 |
| CVE-2023-3961 | Samba: smbd allows client access to unix domain sockets on the file system as root | Red Hat Enterprise Linux 8 | CWE-22 | 9.1 | Critical | 2023-11-03 |
| CVE-2023-1476 | Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222 | Red Hat Enterprise Linux 8 | CWE-416 | 7.0 | High | 2023-11-03 |
| CVE-2023-4091 | Samba: smb clients can truncate files with read-only permissions | Red Hat Enterprise Linux 8 | CWE-276 | 6.5 | Medium | 2023-11-03 |

This page lists every published CVE security advisory associated with RED HAT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.