Filtered by vendor Redhat Subscriptions
Total 23033 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-2157 1 Redhat 1 Satellite 2025-11-21 3.3 Low
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.
CVE-2024-6501 1 Redhat 2 Enterprise Linux, Openshift 2025-11-21 3.1 Low
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.
CVE-2024-6126 1 Redhat 1 Enterprise Linux 2025-11-21 3.2 Low
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
CVE-2024-5967 1 Redhat 3 Build Keycloak, Red Hat Single Sign On, Rhosemc 2025-11-21 2.7 Low
A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL  independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.
CVE-2023-39418 3 Debian, Postgresql, Redhat 5 Debian Linux, Postgresql, Enterprise Linux and 2 more 2025-11-21 3.1 Low
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVE-2023-39327 2 Redhat, Uclouvain 2 Enterprise Linux, Openjpeg 2025-11-21 4.3 Medium
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
CVE-2023-4042 2 Artifex, Redhat 9 Ghostscript, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 6 more 2025-11-21 5.5 Medium
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
CVE-2024-5742 2 Gnu, Redhat 2 Nano, Enterprise Linux 2025-11-21 6.7 Medium
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
CVE-2024-49395 3 Mutt, Neomutt, Redhat 3 Mutt, Neomutt, Enterprise Linux 2025-11-21 5.3 Medium
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
CVE-2024-49394 3 Mutt, Neomutt, Redhat 3 Mutt, Neomutt, Enterprise Linux 2025-11-21 5.3 Medium
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
CVE-2024-31419 1 Redhat 1 Container Native Virtualization 2025-11-21 4.3 Medium
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.
CVE-2024-4629 1 Redhat 12 Build Keycloak, Build Of Keycloak, Enterprise Linux and 9 more 2025-11-21 6.5 Medium
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
CVE-2024-4028 1 Redhat 2 Build Keycloak, Red Hat Single Sign On 2025-11-21 3.8 Low
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.
CVE-2024-3716 1 Redhat 1 Satellite 2025-11-21 6.2 Medium
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.
CVE-2023-4535 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2025-11-21 4.5 Medium
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
CVE-2024-12401 1 Redhat 8 Cert Manager, Connectivity Link, Cryostat and 5 more 2025-11-21 4.4 Medium
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
CVE-2024-11217 1 Redhat 1 Openshift 2025-11-21 4.9 Medium
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.
CVE-2024-1726 1 Redhat 1 Quarkus 2025-11-21 5.3 Medium
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.
CVE-2024-1722 1 Redhat 3 Build Keycloak, Keycloak, Red Hat Single Sign On 2025-11-21 3.7 Low
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.
CVE-2024-0564 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-11-21 5.3 Medium
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.