Red Hat — Vulnerabilities & Security Advisories 691

Browse all 691 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat is primarily a provider of open-source enterprise software, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, its historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws in its middleware and management tools. These vulnerabilities often stem from large codebases and the third-party dependencies integrated into its distributions. Its security posture is defined by a rigorous patching lifecycle and by the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-3223 | Undertow: outofmemoryerror due to @multipartconfig handling | Red Hat Fuse 7.12.1 | CWE-789 | 7.5 | High | 2023-09-27 |
| CVE-2023-5157 | Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6 | Red Hat Enterprise Linux 8 | CWE-400 | 7.5 | High | 2023-09-26 |
| CVE-2023-4065 | Operator: plaintext password in operator log | RHEL-8 based Middleware Containers | CWE-117 | 5.5 | Medium | 2023-09-26 |
| CVE-2023-42753 | Kernel: netfilter: potential slab-out-of-bound access due to integer underflow | Red Hat Enterprise Linux 7 | CWE-787 | 7.0 | High | 2023-09-25 |
| CVE-2022-4318 | Cri-o: /etc/passwd tampering privesc | Red Hat OpenShift Container Platform 4.11 | CWE-538 | 7.8 | High | 2023-09-25 |
| CVE-2022-4245 | Codehaus-plexus: xml external entity (xxe) injection | RHINT Camel-K-1.10.1 | CWE-91 | 4.3 | Medium | 2023-09-25 |
| CVE-2022-4244 | Codehaus-plexus: directory traversal | RHINT Camel-K-1.10.1 | CWE-22 | 7.5 | High | 2023-09-25 |
| CVE-2022-4137 | Keycloak: reflected xss attack | Red Hat Single Sign-On 7 | CWE-81 | 8.1 | High | 2023-09-25 |
| CVE-2023-5156 | Glibc: dos due to memory leak in getaddrinfo.c | Red Hat Enterprise Linux 6 | CWE-401 | 7.5 | High | 2023-09-25 |
| CVE-2022-3962 | Kiali: error message spoofing in kiali ui | Red Hat OpenShift Service Mesh 2.3 for RHEL 8 | CWE-74 | 4.3 | Medium | 2023-09-23 |
| CVE-2022-4039 | Rhsso-container-image: unsecured management interface exposed to adjecent network | RHEL-8 based Middleware Containers | CWE-276 | 8.0 | High | 2023-09-22 |
| CVE-2022-3596 | Instack-undercloud: rsync leaks information to undercloud | Red Hat OpenStack Platform 13.0 - ELS | CWE-402 | 7.5 | High | 2023-09-20 |
| CVE-2022-3916 | Keycloak: session takeover with oidc offline refreshtokens | Red Hat Single Sign-On 7 | CWE-384 | 6.8 | Medium | 2023-09-20 |
| CVE-2022-1438 | Keycloak: xss on impersonation under specific circumstances | Red Hat Single Sign-On 7 | CWE-79 | 6.4 | Medium | 2023-09-20 |
| CVE-2023-4853 | Quarkus: http security policy bypass | Openshift Serverless 1 on RHEL 8 | CWE-148 | 8.1 | High | 2023-09-20 |
| CVE-2023-4806 | Glibc: potential use-after-free in getaddrinfo() | Red Hat Enterprise Linux 8 | CWE-416 | 5.9 | Medium | 2023-09-18 |
| CVE-2023-4527 | Glibc: stack read overflow in getaddrinfo in no-aaaa mode | Red Hat Enterprise Linux 8 | CWE-121 | 6.5 | Medium | 2023-09-18 |
| CVE-2023-0923 | Odh-notebook-controller-container: missing authorization allows for file contents disclosure | RHODS-1.22-RHEL-8 | CWE-862 | 8.8 | High | 2023-09-15 |
| CVE-2022-3466 | Cri-o: security regression of cve-2022-27652 | Red Hat OpenShift Container Platform 4.12 | CWE-276 | 4.8 | Medium | 2023-09-15 |
| CVE-2023-4959 | Quay: cross-site request forgery (csrf) on config-editor page | Red Hat Quay 3 | CWE-352 | 6.5 | Medium | 2023-09-15 |
| CVE-2023-3255 | Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service | Red Hat Enterprise Linux 8 | CWE-835 | 6.5 | Medium | 2023-09-13 |
| CVE-2023-4813 | Glibc: potential use-after-free in gaih_inet() | Red Hat Enterprise Linux 8 | CWE-416 | 5.9 | Medium | 2023-09-12 |
| CVE-2022-1415 | Drools: unsafe data deserialization in streamutils | RHPAM 7.13.1 async | CWE-502 | 8.1 | High | 2023-09-11 |
| CVE-2023-38201 | Keylime: challenge-response protocol bypass during agent registration | Red Hat Enterprise Linux 9 | CWE-639 | 6.5 | Medium | 2023-08-25 |
| CVE-2023-4042 | Ghostscript: incomplete fix for cve-2020-16305 | Red Hat Enterprise Linux 8 | CWE-125 | 5.5 | Medium | 2023-08-23 |
| CVE-2023-3899 | Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration | Red Hat Enterprise Linux 7 | CWE-285 | 7.8 | High | 2023-08-23 |
| CVE-2023-4459 | Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup() | Red Hat Enterprise Linux 8.2 Advanced Update Support | CWE-476 | 5.5 | Medium | 2023-08-21 |
| CVE-2023-4456 | Openshift-logging: lokistack authorisation is cached too broadly | RHOL-5.5-RHEL-8 | CWE-1220 | 5.7 | Medium | 2023-08-21 |
| CVE-2023-4387 | Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf() | Red Hat Enterprise Linux 8 | CWE-416 | 7.1 | High | 2023-08-16 |
| CVE-2023-4385 | Kernel: jfs: null pointer dereference in dbfree() | Red Hat Enterprise Linux 6 | CWE-476 | 5.5 | Medium | 2023-08-16 |

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.