Red Hat — Vulnerabilities & Security Advisories 787

Browse all 787 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-54231 | Abrt: unsanitized systemd journal content written to dump directory files enables content injection | Red Hat Enterprise Linux 6 | CWE-74 | 5.5 | Medium | 2026-06-13 |
| CVE-2026-54230 | Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites | Red Hat Enterprise Linux 6 | CWE-59 | 7.0 | High | 2026-06-13 |
| CVE-2026-54229 | Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking | Red Hat Enterprise Linux 6 | CWE-362 | 7.0 | High | 2026-06-13 |
| CVE-2026-54228 | Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories | Red Hat Enterprise Linux 6 | CWE-367 | 7.8 | High | 2026-06-13 |
| CVE-2026-53702 | Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser | Red Hat Enterprise Linux 10 | CWE-787 | 6.5 | Medium | 2026-06-11 |
| CVE-2026-53701 | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser | Red Hat Enterprise Linux 10 | CWE-787 | 6.5 | Medium | 2026-06-11 |
| CVE-2026-11774 | 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow | Red Hat Directory Server 11 | CWE-190 | 7.6 | High | 2026-06-11 |
| CVE-2026-11986 | Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak | Red Hat Build of Keycloak | CWE-425 | 4.9 | Medium | 2026-06-11 |
| CVE-2026-11850 | Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read | Red Hat Hardened Images | CWE-191 | 5.0 | Medium | 2026-06-11 |
| CVE-2026-6893 | Dracut: dracut: root code execution via dhcp options command injection | Red Hat Enterprise Linux 10 | CWE-78 | 8.8 | High | 2026-06-10 |
| CVE-2026-11884 | 389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation | Red Hat Directory Server 11 | CWE-122 | 6.5 | Medium | 2026-06-10 |
| CVE-2026-11837 | Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown | Red Hat Enterprise Linux 10 | CWE-59 | 7.3 | High | 2026-06-10 |
| CVE-2026-11792 | 389-ds-base: 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string) | Red Hat Directory Server 11 | CWE-122 | 3.3 | Low | 2026-06-09 |
| CVE-2026-11793 | 389-ds-base: 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing | Red Hat Directory Server 11 | CWE-121 | 4.9 | Medium | 2026-06-09 |
| CVE-2026-11790 | 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service | Red Hat Directory Server 11 | CWE-400 | 4.9 | Medium | 2026-06-09 |
| CVE-2026-11789 | 389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash | Red Hat Directory Server 11 | CWE-191 | 4.9 | Medium | 2026-06-09 |
| CVE-2026-11787 | 389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing | Red Hat Directory Server 11 | CWE-126 | 5.0 | Medium | 2026-06-09 |
| CVE-2026-11788 | 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser | Red Hat Directory Server 11 | CWE-476 | 5.9 | Medium | 2026-06-09 |
| CVE-2026-11786 | 389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type() | Red Hat Directory Server 11 | CWE-125 | 1.9 | Low | 2026-06-09 |
| CVE-2026-11785 | 389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler | Red Hat Directory Server 11 | CWE-843 | 4.3 | Medium | 2026-06-09 |
| CVE-2026-52902 | Awxkit: path traversal via yaml !include directive | Red Hat Ansible Automation Platform 2 | CWE-22 | 4.7 | Medium | 2026-06-09 |
| CVE-2026-11611 | 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions | Red Hat Directory Server 11 | CWE-400 | 6.5 | Medium | 2026-06-08 |
| CVE-2026-11577 | Keycloak: keycloak: privilege escalation via partialimport fgap permission bypass | Red Hat Build of Keycloak | CWE-863 | 7.2 | High | 2026-06-08 |
| CVE-2026-11569 | Quay: quay: stored xss via filedrop svg upload | Red Hat Quay 3 | CWE-79 | 5.4 | Medium | 2026-06-08 |
| CVE-2026-3238 | Samba: denial of service against ad dc wins server | Red Hat Enterprise Linux 10 | CWE-476 | 7.5 | High | 2026-06-08 |
| CVE-2026-50263 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow() | Red Hat Enterprise Linux 10 | CWE-416 | 5.5 | Medium | 2026-06-05 |
| CVE-2026-50262 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes | Red Hat Enterprise Linux 10 | CWE-125 | 5.5 | Medium | 2026-06-05 |
| CVE-2026-50264 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds heap write in dri2 drigetbuffers/drigetbufferswithformat | Red Hat Enterprise Linux 10 | CWE-787 | 7.8 | High | 2026-06-05 |
| CVE-2026-50261 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter() | Red Hat Enterprise Linux 10 | CWE-416 | 7.8 | High | 2026-06-05 |
| CVE-2026-50260 | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter() | Red Hat Enterprise Linux 10 | CWE-416 | 7.8 | High | 2026-06-05 |

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.