Red Hat — Vulnerabilities & Security Advisories 691

Browse all 691 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-5379	Undertow: ajp request closes connection exceeding maxrequestsize — Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7CWE-770	7.5	High	2023-12-12
CVE-2023-4958	Stackrox: missing http security headers allows for clickjacking in web ui — Red Hat Advanced Cluster Security 4.2CWE-1021	6.1	Medium	2023-12-12
CVE-2023-6679	Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c — Red Hat Enterprise Linux 9CWE-476	5.5	Medium	2023-12-11
CVE-2023-5870	Postgresql: role pg_signal_backend can signal certain superuser processes. — Red Hat Advanced Cluster Security 4.2CWE-400	2.2	Low	2023-12-10
CVE-2023-5869	Postgresql: buffer overrun from integer overflow in array modification — Red Hat Advanced Cluster Security 4.2CWE-190	8.8	High	2023-12-10
CVE-2023-5868	Postgresql: memory disclosure in aggregate function calls — Red Hat Advanced Cluster Security 4.2CWE-686	4.3	Medium	2023-12-10
CVE-2023-6394	Quarkus: graphql operations over websockets bypass — Red Hat build of Quarkus 2.13.9.FinalCWE-862	7.4	High	2023-12-09
CVE-2023-6622	Kernel: null pointer dereference vulnerability in nft_dynset_init() — Red Hat Enterprise Linux 8CWE-476	5.5	Medium	2023-12-08
CVE-2023-6610	Kernel: oob access in smb2_dump_detail — Red Hat Enterprise Linux 8CWE-125	7.1	High	2023-12-08
CVE-2023-6606	Kernel: out-of-bounds read vulnerability in smbcalcsize — Red Hat Enterprise Linux 8CWE-125	7.1	High	2023-12-08
CVE-2023-6393	Quarkus: potential invalid reuse of context when @cacheresult on a uni is used — Red Hat build of Quarkus 2.13.9.FinalCWE-200	5.3	Medium	2023-12-06
CVE-2023-5981	Gnutls: timing side-channel in the rsa-psk authentication — Red Hat Enterprise Linux 8CWE-208	5.9	Medium	2023-11-28
CVE-2023-5871	Libnbd: malicious nbd server may crash libnbd — Red Hat Enterprise Linux 9CWE-617	5.3	Medium	2023-11-27
CVE-2023-6277	Libtiff: out-of-memory in tiffopen via a craft file — Red Hat Enterprise Linux 6CWE-400	6.5	Medium	2023-11-24
CVE-2023-5341	Imagemagick: heap use-after-free in coders/bmp.c — Red Hat Enterprise Linux 6CWE-416	6.2	Medium	2023-11-19
CVE-2023-6176	Kernel: local dos vulnerability in scatterwalk_copychunks — Red Hat Enterprise Linux 8	4.7	Medium	2023-11-16
CVE-2023-6121	Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get — Red Hat Enterprise Linux 8CWE-125	4.3	Medium	2023-11-16
CVE-2023-5189	Hub: insecure galaxy-importer tarfile extraction — Red Hat Ansible Automation Platform 2.4 for RHEL 8CWE-23	6.3	Medium	2023-11-14
CVE-2023-39198	Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create() — Red Hat Enterprise Linux 8CWE-416	7.5	High	2023-11-09
CVE-2023-4061	Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor — Red Hat JBoss Enterprise Application Platform 7CWE-200	6.5	Medium	2023-11-08
CVE-2023-4956	Quay: clickjacking on config-editor page severity — Red Hat Quay 3CWE-1021	6.5	Medium	2023-11-07
CVE-2023-4535	Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys — Red Hat Enterprise Linux 9CWE-125	4.5	Medium	2023-11-06
CVE-2023-4910	3scale-admin-portal: logged out users tokens can be accessed — Red Hat 3scale API Management Platform 2CWE-668	5.5	Medium	2023-11-06
CVE-2023-5090	Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs — Red Hat Enterprise Linux 8CWE-755	6.0	Medium	2023-11-06
CVE-2023-5088	Qemu: improper ide controller reset can lead to mbr overwrite — Red Hat Enterprise Linux 8CWE-821	6.4	Medium	2023-11-03
CVE-2023-3961	Samba: smbd allows client access to unix domain sockets on the file system as root — Red Hat Enterprise Linux 8CWE-22	9.1	Critical	2023-11-03
CVE-2023-1476	Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222 — Red Hat Enterprise Linux 8CWE-416	7.0	High	2023-11-03
CVE-2023-5824	Squid: dos against http and https — Red Hat Enterprise Linux 8CWE-755	7.5	High	2023-11-03
CVE-2023-4091	Samba: smb clients can truncate files with read-only permissions — Red Hat Enterprise Linux 8CWE-276	6.5	Medium	2023-11-03
CVE-2023-5408	Openshift: modification of node role labels — Red Hat OpenShift Container Platform 4.11CWE-269	7.2	High	2023-11-02

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Red Hat — Vulnerabilities & Security Advisories 691