Red Hat Cost Management
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Cost Management.
Recent Red Hat Cost Management Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:39981 | (RHSA-2026:39981) Cost Management Metrics Operator Update | July 15, 2026 |
| RHSA-2026:27998 | (RHSA-2026:27998) Cost Management Metrics Operator Update | June 22, 2026 |
| RHSA-2026:3228 | (RHSA-2026:3228) Cost Management Metrics Operator Update | February 24, 2026 |
| RHSA-2025:22428 | (RHSA-2025:22428) Cost Management Metrics Operator Update | December 1, 2025 |
| RHSA-2024:6462 | (RHSA-2024:6462) Moderate: Cost Management enhancement and security update | September 9, 2024 |
| RHSA-2023:6044 | (RHSA-2023:6044) Important: Cost Management security update | October 23, 2023 |
By the Year
In 2026 there have been 3 vulnerabilities in Red Hat Cost Management with an average score of 7.3 out of ten. Last year, in 2025 Cost Management had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 2.87.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 7.27 |
| 2025 | 1 | 4.40 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
It may take a day or so for new Cost Management vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Cost Management Security Vulnerabilities
libcap TOCTOU in cap_set_file() leads to privilege escalation
CVE-2026-4878
6.7 - Medium
- April 09, 2026
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
TOCTTOU
CVE-2026-2100: Uninitialized Return in p11-kit C_DeriveKey DS
CVE-2026-2100
5.3 - Medium
- March 26, 2026
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
Access of Uninitialized Pointer
OpenSSL 3.x CMS AuthEnvelopedData AEAD IV stack overflow (v3.6+)
CVE-2025-15467
9.8 - Critical
- January 27, 2026
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Memory Corruption
CVE-2025-5278: Heap Buffer Under-Read in GNU Coreutils sort begfield()
CVE-2025-5278
4.4 - Medium
- May 27, 2025
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Stack Overflow
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Cost Management or by Red Hat? Click the Watch button to subscribe.