Red Hat — Vulnerabilities & Security Advisories 691

Browse all 691 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-3397 | Kernel: slab-use-after-free write in txend due to race condition — Red Hat Enterprise Linux 6 | CWE-416 | 7.0 | High | 2023-11-01 |
| CVE-2023-5178 | Kernel: use after free in nvmet_tcp_free_crypto in nvme — Red Hat Enterprise Linux 8 | CWE-416 | 8.8 | High | 2023-11-01 |
| CVE-2023-3972 | Insights-client: unsafe handling of temporary files and directories — Red Hat Enterprise Linux 7 | CWE-379 | 7.8 | High | 2023-11-01 |
| CVE-2023-5625 | Python-eventlet: patch regression for cve-2021-21419 in some red hat builds — Ironic content for Red Hat OpenShift Container Platform 4.12 | CWE-770 | 5.3 | Medium | 2023-11-01 |
| CVE-2023-5574 | Xorg-x11-server: use-after-free bug in damagedestroy — Red Hat Enterprise Linux 9 | CWE-416 | 7.0 | High | 2023-10-25 |
| CVE-2023-5380 | Xorg-x11-server: use-after-free bug in destroywindow — Red Hat Enterprise Linux 7 | CWE-416 | 4.7 | Medium | 2023-10-25 |
| CVE-2023-5367 | Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty — Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | CWE-787 | 7.8 | High | 2023-10-25 |
| CVE-2023-4693 | Grub2: out-of-bounds read at fs/ntfs.c — Red Hat Enterprise Linux 8 | CWE-125 | 5.3 | Medium | 2023-10-25 |
| CVE-2023-5568 | Samba: heap buffer overflow with freshness tokens in the heimdal kdc — Red Hat Enterprise Linux 6 | CWE-122 | 5.9 | Medium | 2023-10-24 |
| CVE-2023-5633 | Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling — Red Hat Enterprise Linux 8 | CWE-911 | 7.8 | High | 2023-10-23 |
| CVE-2023-5557 | Tracker-miners: sandbox escape — Red Hat Enterprise Linux 8 | CWE-693 | 7.5 | High | 2023-10-13 |
| CVE-2023-39194 | Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match() — Red Hat Enterprise Linux 8 | CWE-125 | 3.2 | Low | 2023-10-09 |
| CVE-2023-39193 | Kernel: netfilter: xtables sctp out-of-bounds read in match_flags() — Red Hat Enterprise Linux 8 | CWE-125 | 6.1 | Medium | 2023-10-09 |
| CVE-2023-39192 | Kernel: netfilter: xtables out-of-bounds read in u32_match_it() — Red Hat Enterprise Linux 8 | CWE-125 | 6.7 | Medium | 2023-10-09 |
| CVE-2023-39189 | Kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one() — Red Hat Enterprise Linux 8 | CWE-125 | 5.1 | Medium | 2023-10-09 |
| CVE-2023-42755 | Kernel: rsvp: out-of-bounds read in rsvp_classify() — Red Hat Enterprise Linux 8 | CWE-125 | 6.5 | Medium | 2023-10-05 |
| CVE-2023-42754 | Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach() — Red Hat Enterprise Linux 8 | CWE-476 | 5.5 | Medium | 2023-10-05 |
| CVE-2023-39191 | Kernel: ebpf: insufficient stack type checks in dynptr — Red Hat Enterprise Linux 9 | CWE-20 | 8.2 | High | 2023-10-04 |
| CVE-2023-3576 | Libtiff: memory leak in tiffcrop.c — Red Hat Enterprise Linux 9 | CWE-119 | 5.5 | Medium | 2023-10-04 |
| CVE-2023-3428 | Imagemagick: heap-buffer-overflow in coders/tiff.c — Red Hat Enterprise Linux 6 | CWE-122 | 6.2 | Medium | 2023-10-04 |
| CVE-2023-3971 | Controller: html injection in custom login info — Red Hat Ansible Automation Platform 2.3 for RHEL 8 | CWE-80 | 7.3 | High | 2023-10-04 |
| CVE-2023-4380 | Platform: token exposed at importing project — Red Hat Ansible Automation Platform 2.4 for RHEL 8 | CWE-532 | 6.3 | Medium | 2023-10-04 |
| CVE-2023-4237 | Platform: ec2_key module prints out the private key directly to the standard output — Red Hat Ansible Automation Platform 2.4 for RHEL 8 | CWE-497 | 7.3 | High | 2023-10-04 |
| CVE-2023-2422 | Keycloak: oauth client impersonation — Red Hat Single Sign-On 7 | CWE-295 | 5.5 | Medium | 2023-10-04 |
| CVE-2023-4586 | Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack — Red Hat Data Grid 8.4.6 | CWE-20 | 7.4 | High | 2023-10-04 |
| CVE-2023-4732 | Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h — Red Hat Enterprise Linux 8 | CWE-366 | 4.7 | Medium | 2023-10-03 |
| CVE-2023-4886 | Foreman: world readable file containing secrets — Red Hat Satellite 6.13 for RHEL 8 | CWE-200 | 6.7 | Medium | 2023-10-03 |
| CVE-2023-42756 | Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap — Red Hat Enterprise Linux 9 | CWE-362 | 4.4 | Medium | 2023-09-28 |
| CVE-2023-5215 | Libnbd: crash or misbehaviour when nbd server returns an unexpected block size — Red Hat Enterprise Linux 9 | CWE-241 | 5.3 | Medium | 2023-09-28 |
| CVE-2023-4066 | Operator: passwords defined in secrets shown in statefulset yaml — RHEL-8 based Middleware Containers | CWE-313 | 5.5 | Medium | 2023-09-27 |

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.