Red Hat — Vulnerabilities & Security Advisories 710

Browse all 710 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-39192 | Kernel: netfilter: xtables out-of-bounds read in u32_match_it() | Red Hat Enterprise Linux 8 | CWE-125 | 6.7 | Medium | 2023-10-09 |
| CVE-2023-39189 | Kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one() | Red Hat Enterprise Linux 8 | CWE-125 | 5.1 | Medium | 2023-10-09 |
| CVE-2023-42755 | Kernel: rsvp: out-of-bounds read in rsvp_classify() | Red Hat Enterprise Linux 8 | CWE-125 | 6.5 | Medium | 2023-10-05 |
| CVE-2023-42754 | Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach() | Red Hat Enterprise Linux 8 | CWE-476 | 5.5 | Medium | 2023-10-05 |
| CVE-2023-39191 | Kernel: ebpf: insufficient stack type checks in dynptr | Red Hat Enterprise Linux 9 | CWE-20 | 8.2 | High | 2023-10-04 |
| CVE-2023-3576 | Libtiff: memory leak in tiffcrop.c | Red Hat Enterprise Linux 9 | CWE-119 | 5.5 | Medium | 2023-10-04 |
| CVE-2023-3428 | Imagemagick: heap-buffer-overflow in coders/tiff.c | Red Hat Enterprise Linux 6 | CWE-122 | 6.2 | Medium | 2023-10-04 |
| CVE-2023-3971 | Controller: html injection in custom login info | Red Hat Ansible Automation Platform 2.3 for RHEL 8 | CWE-80 | 7.3 | High | 2023-10-04 |
| CVE-2023-4380 | Platform: token exposed at importing project | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | CWE-532 | 6.3 | Medium | 2023-10-04 |
| CVE-2023-4237 | Platform: ec2_key module prints out the private key directly to the standard output | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | CWE-497 | 7.3 | High | 2023-10-04 |
| CVE-2023-2422 | Keycloak: oauth client impersonation | Red Hat Single Sign-On 7 | CWE-295 | 5.5 | Medium | 2023-10-04 |
| CVE-2023-4586 | Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack | Red Hat Data Grid 8.4.6 | CWE-20 | 7.4 | High | 2023-10-04 |
| CVE-2023-4732 | Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h | Red Hat Enterprise Linux 8 | CWE-366 | 4.7 | Medium | 2023-10-03 |
| CVE-2023-4886 | Foreman: world readable file containing secrets | Red Hat Satellite 6.13 for RHEL 8 | CWE-200 | 6.7 | Medium | 2023-10-03 |
| CVE-2023-42756 | Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap | Red Hat Enterprise Linux 9 | CWE-362 | 4.4 | Medium | 2023-09-28 |
| CVE-2023-5215 | Libnbd: crash or misbehaviour when nbd server returns an unexpected block size | Red Hat Enterprise Linux 9 | CWE-241 | 5.3 | Medium | 2023-09-28 |
| CVE-2023-4066 | Operator: passwords defined in secrets shown in statefulset yaml | RHEL-8 based Middleware Containers | CWE-313 | 5.5 | Medium | 2023-09-27 |
| CVE-2023-3223 | Undertow: outofmemoryerror due to @multipartconfig handling | Red Hat Fuse 7.12.1 | CWE-789 | 7.5 | High | 2023-09-27 |
| CVE-2023-5157 | Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6 | Red Hat Enterprise Linux 8 | CWE-400 | 7.5 | High | 2023-09-26 |
| CVE-2023-4065 | Operator: plaintext password in operator log | RHEL-8 based Middleware Containers | CWE-117 | 5.5 | Medium | 2023-09-26 |
| CVE-2023-42753 | Kernel: netfilter: potential slab-out-of-bound access due to integer underflow | Red Hat Enterprise Linux 7 | CWE-787 | 7.0 | High | 2023-09-25 |
| CVE-2022-4318 | Cri-o: /etc/passwd tampering privesc | Red Hat OpenShift Container Platform 4.11 | CWE-538 | 7.8 | High | 2023-09-25 |
| CVE-2022-4245 | Codehaus-plexus: xml external entity (xxe) injection | RHINT Camel-K-1.10.1 | CWE-91 | 4.3 | Medium | 2023-09-25 |
| CVE-2022-4244 | Codehaus-plexus: directory traversal | RHINT Camel-K-1.10.1 | CWE-22 | 7.5 | High | 2023-09-25 |
| CVE-2022-4137 | Keycloak: reflected xss attack | Red Hat Single Sign-On 7 | CWE-81 | 8.1 | High | 2023-09-25 |
| CVE-2023-5156 | Glibc: dos due to memory leak in getaddrinfo.c | Red Hat Enterprise Linux 6 | CWE-401 | 7.5 | High | 2023-09-25 |
| CVE-2022-3962 | Kiali: error message spoofing in kiali ui | Red Hat OpenShift Service Mesh 2.3 for RHEL 8 | CWE-74 | 4.3 | Medium | 2023-09-23 |
| CVE-2022-4039 | Rhsso-container-image: unsecured management interface exposed to adjacent network | RHEL-8 based Middleware Containers | CWE-276 | 8.0 | High | 2023-09-22 |
| CVE-2022-3596 | Instack-undercloud: rsync leaks information to undercloud | Red Hat OpenStack Platform 13.0 - ELS | CWE-402 | 7.5 | High | 2023-09-20 |
| CVE-2022-3916 | Keycloak: session takeover with oidc offline refreshtokens | Red Hat Single Sign-On 7 | CWE-384 | 6.8 | Medium | 2023-09-20 |

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.