Red Hat Rhui
Recent Red Hat Rhui Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:1485 | (RHSA-2026:1485) Important: RHUI 4.11.3 security update - python-urllib3 | January 28, 2026 |
| RHSA-2025:1335 | (RHSA-2025:1335) Important: RHUI 4.11 security, bugfix, and enhancement update | February 12, 2025 |
| RHSA-2024:1878 | (RHSA-2024:1878) Moderate: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements | April 18, 2024 |
| RHSA-2023:4591 | (RHSA-2023:4591) Moderate: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements | August 9, 2023 |
| RHSA-2023:2101 | (RHSA-2023:2101) Moderate: RHUI 4.4.0 release - Security Fixes, Bug Fixes, and Enhancements Update | May 3, 2023 |
| RHSA-2023:0742 | (RHSA-2023:0742) Low: RHUI 4.3.0 release - Security Fixes, Bug Fixes, and Enhancements Update | February 13, 2023 |
| RHSA-2022:5602 | (RHSA-2022:5602) Important: RHUI 4.1.1 release - Security Fixes and Enhancement Update | July 19, 2022 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Rhui. Last year, in 2025, Rhui had 2 security vulnerabilities published. Right now, Rhui is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 6.90 |
| 2024 | 4 | 7.50 |
It may take a day or so for new Rhui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Rhui Security Vulnerabilities
Heap Buffer Overread in util-linux setpwnam() (256-byte usernames)
CVE-2025-14104
6.1 - Medium
December 05, 2025
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Out-of-bounds Read
Glib Heap Buffer Overflow in g_escape_uri_string()
CVE-2025-13601
7.7 - High
November 26, 2025
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Integer Overflow or Wraparound
Auth Bypass in Pulpcore v3.0+ via Gunicorn <=22.0 + mod_proxy
CVE-2024-7923
September 04, 2024
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.
Authentication
Pulp RBAC flaw causes improper perms via AutoAddObjPermsMixin (CVE-2024-7143)
CVE-2024-7143
August 07, 2024
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.
Insecure Inherited Permissions
python-cryptography: Remote Decryption of TLS RSA Exchanges
CVE-2023-50782
7.5 - High
February 05, 2024
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Observable Timing Discrepancy
Remote Decrypt in TLS RSA via M2Crypto: CVE-2023-50781
CVE-2023-50781
7.5 - High
February 05, 2024
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Observable Timing Discrepancy