Red Hat Rhel E4s
By the Year
In 2026 there have been 2 vulnerabilities in Red Hat Rhel E4s with an average score of 8.6 out of ten. Last year, in 2025, Rhel E4s had 75 security vulnerabilities published. Right now, Rhel E4s is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.23.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 8.60 |
| 2025 | 75 | 7.37 |
| 2024 | 34 | 7.17 |
| 2023 | 20 | 7.30 |
It may take a day or so for new Rhel E4s vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Rhel E4s Security Vulnerabilities
Libsoup Multipart HTTP Response Buffer Overflow CVE-2026-1761
CVE-2026-1761
8.6 - High
- February 02, 2026
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
Stack Overflow
libsoup NTLM auth signed int overflow causes stack corruption
CVE-2026-0719
8.6 - High
- January 08, 2026
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
Stack Overflow
HTTP Host Header Smuggling via libsoup's Duplicate Host Handling
CVE-2025-14523
8.2 - High
- December 11, 2025
A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
HTTP Request Smuggling
WebKitGTK Unexpected Crash from Malicious Web Content (CVE-2025-66287)
CVE-2025-66287
8.8 - High
- December 04, 2025
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Classic Buffer Overflow
WebKitGTK File DragDrop Info Disclosure (CVE-2025-13947)
CVE-2025-13947
7.4 - High
- December 03, 2025
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.
Origin Validation Error
Glib Heap Buffer Overflow in g_escape_uri_string()
CVE-2025-13601
7.7 - High
- November 26, 2025
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Integer Overflow or Wraparound
Out-of-Bounds Read / Integer Underflow in WebKitGTK (UIProcess DoS)
CVE-2025-13502
7.5 - High
- November 25, 2025
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
Out-of-bounds Read
Keylime Agent: UUID Overwrite via TPM ID Spoof
CVE-2025-13609
8.2 - High
- November 24, 2025
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
Use of Multiple Resources with Duplicate Identifier
kdcproxy DoS via Unbounded TCP Response Length (CVE-2025-59089)
CVE-2025-59089
5.9 - Medium
- November 12, 2025
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.
Allocation of Resources Without Limits or Throttling
DNS SSRF in MIT Kerberos kdcproxy
CVE-2025-59088
8.6 - High
- November 12, 2025
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
SSRF
UA-FAULT: X.Org X Server X11 Present Extension Use-After-Free (CVE-2025-62229)
CVE-2025-62229
7.3 - High
- October 30, 2025
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Dangling pointer
X.Org X Server Xkb Extension Use-After-Free on Client Cleanup
CVE-2025-62230
7.3 - High
- October 30, 2025
A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Dangling pointer
X.Org X Server XkbSetCompatMap Short Overflow Causing CRASH
CVE-2025-62231
7.3 - High
- October 30, 2025
A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Integer Overflow or Wraparound
SSSD AD Kerberos Auth Plugin Flaw Enables Privilege Escalation
CVE-2025-11561
8.8 - High
- October 09, 2025
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
Improper Privilege Management
QEMU QIOChannelWebsock UAF via WebSocket handshake
CVE-2025-11234
7.5 - High
- October 03, 2025
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
Dangling pointer
FreeIPA Privilege Escalation via Missing krbCanonicalName Validation
CVE-2025-7493
9.1 - Critical
- September 30, 2025
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Insufficient Granularity of Access Control
libsoup OOB read via cookie date handling flaw
CVE-2025-11021
7.5 - High
- September 26, 2025
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
Out-of-bounds Read
Libtiff Write-What-Where via TIFF Height Field
CVE-2025-9900
8.8 - High
- September 23, 2025
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Write-what-where Condition
Podman v4.0.0–v5.6.1: kube Play Overwrite Host Files via Symlink Volumes
CVE-2025-9566
8.1 - High
- September 05, 2025
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
Directory traversal
Udisks Daemon Local PrivEsc via Negative Loop Device Index on DBus
CVE-2025-8067
8.5 - High
- August 28, 2025
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
Out-of-bounds Read
Linux-PAM pam_namespace LPE via Symlink Race
CVE-2025-8941
7.8 - High
- August 13, 2025
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Directory traversal
GnuTLS NULL Deref in figure_common_ciphersuite()
CVE-2025-6395
6.5 - Medium
- July 10, 2025
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
NULL Pointer Dereference
libxslt Heap Corruption via atype Flag Manipulation
CVE-2025-7425
7.8 - High
- July 10, 2025
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Dangling pointer
GnuTLS certtool Heap OOB Null Write in Template Parsing – DoS
CVE-2025-32990
6.5 - Medium
- July 10, 2025
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Heap-based Buffer Overflow
GnuTLS CT SCT Heap-Buffer-Overread (CVE-2025-32989)
CVE-2025-32989
5.3 - Medium
- July 10, 2025
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
Improper Certificate Validation
GnuTLS Double-Free in SAN Export Logic (CVE-2025-32988)
CVE-2025-32988
6.5 - Medium
- July 10, 2025
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
Double-free
Heap Buffer Overflow in gdk-pixbuf JPEG Load Leading to OOB Read & Code Exec
CVE-2025-7345
7.5 - High
- July 08, 2025
A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.
Classic Buffer Overflow
libssh ChaCha20 Heap Exhaustion Causes Unchecked Cipher Context (CVE-2025-5987)
CVE-2025-5987
8.1 - High
- July 07, 2025
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
Return of Wrong Status Code
libssh Before 3.0 (OpenSSL<3) SSH_KDF Return Value Misinterpretation
CVE-2025-5372
5 - Medium
- July 04, 2025
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values, where OpenSSL uses 0 to indicate failure and libssh uses 0 for success, the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
Incorrect Calculation
OOB Read in libssh SFTP Handle (CVE-2025-5318)
CVE-2025-5318
8.1 - High
- June 24, 2025
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.
Out-of-bounds Read
Root Priv Escalation via libblockdev in udisks with XFS SUID
CVE-2025-6019
7 - High
- June 19, 2025
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Execution with Unnecessary Privileges
X11 Xorg OOB Read via X Rendering Ext Cursor Handling
CVE-2025-49175
6.1 - Medium
- June 17, 2025
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
Out-of-bounds Read
Integer Overflow in BigRequests Extension Enables Request Size Bypass
CVE-2025-49176
7.3 - High
- June 17, 2025
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
Integer Overflow or Wraparound
Integer Overflow in X Record Extension of X11 Server Bypass Length Check
CVE-2025-49179
7.3 - High
- June 17, 2025
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
Integer Overflow or Wraparound
Xorg RandR RRChangeProviderProperty Integer Overflow
CVE-2025-49180
7.8 - High
- June 17, 2025
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Integer Overflow or Wraparound
X Server 'bytes to ignore' flaw to DoS
CVE-2025-49178
5.5 - Medium
- June 17, 2025
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
Improper Locking
FreeIPA PrivEsc via duplicate krbCanonicalName yielding admin creds
CVE-2025-4404
9.1 - Critical
- June 17, 2025
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Insufficient Granularity of Access Control
PAM Namespace Race: Local Priv Escal via Symlinks in linux-pam
CVE-2025-6020
7.8 - High
- June 17, 2025
A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Directory traversal
UAF in libxml2 XPath Parsing via sch:name Path (CVE-2025-49794)
CVE-2025-49794
9.1 - Critical
- June 16, 2025
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Dangling pointer
Memory Corruption in libxml2 via sch:name -> DoS
CVE-2025-49796
9.1 - Critical
- June 16, 2025
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Out-of-bounds Read
Stack Overflow in libxml2 xmlBuildQName (CVE-2025-6021)
CVE-2025-6021
7.5 - High
- June 12, 2025
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Integer Overflow or Wraparound
Integer Overflow in libarchive RAR Reader Causes Double-Free
CVE-2025-5914
7.8 - High
- June 09, 2025
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Integer Overflow or Wraparound
ICU Stack Buffer Overflow in Genrb: Local Arbitrary Code Execution
CVE-2025-5222
7 - High
- May 27, 2025
A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Classic Buffer Overflow
GIMP XCF UAF via crafted image causing crash
CVE-2025-48798
7.3 - High
- May 27, 2025
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
Dangling pointer
GIMP TGA Heap Buffer Overflow Causing Crashes
CVE-2025-48797
7.3 - High
- May 27, 2025
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
Heap-based Buffer Overflow
GNOME-RD: Unauth RDP Resource Exhaustion Crash in gnome-remote-desktop
CVE-2025-5024
7.4 - High
- May 22, 2025
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
Resource Exhaustion
Libsoup Cookie Expiration Integer Overflow
CVE-2025-4945
3.7 - Low
- May 19, 2025
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Integer Overflow or Wraparound
libsoup Integer Underflow in multipart parsing leads to DoS
CVE-2025-4948
7.5 - High
- May 19, 2025
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
Integer underflow
GLib GString Integer Overflow Leading to Buffer Underrun
CVE-2025-4373
4.8 - Medium
- May 06, 2025
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
buffer underrun
Apache mod_auth_openidc POST Crash via OIDCPreservePost
CVE-2025-3891
7.5 - High
- April 29, 2025
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Uncaught Exception