Redhat Hardened Images — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Hardened Images, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2026-0966 — CVSS 8.2 (high): A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This…
CVE-2026-4775 — CVSS 7.8 (high): A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the…
CVE-2025-14821 — CVSS 7.8 (high): A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell)…
CVE-2026-6846 — CVSS 7.8 (high): A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object…
CVE-2026-48864 — CVSS 7.8 (high): A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within…
CVE-2026-1584 — CVSS 7.5 (high): A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello…
CVE-2026-5121 — CVSS 7.5 (high): A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A…
CVE-2026-4424 — CVSS 7.5 (high): A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper…
CVE-2026-42009 — CVSS 7.5 (high): A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering…
CVE-2026-42010 — CVSS 7.1 (high): A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames…
CVE-2026-13595 — CVSS 6.8 (medium): A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare…
CVE-2026-9150 — CVSS 6.5 (medium): A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing…
CVE-2026-9149 — CVSS 6.5 (medium): A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file…
CVE-2026-3833 — CVSS 6.5 (medium): A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels…
CVE-2026-6732 — CVSS 6.5 (medium): A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated…
CVE-2026-4426 — CVSS 6.5 (medium): A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation…
CVE-2026-0964 — CVSS 6.3 (medium): A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory…
CVE-2026-13757 — CVSS 6.2 (medium): A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_a…
CVE-2026-0990 — CVSS 5.9 (medium): A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI…
CVE-2026-6844 — CVSS 5.5 (medium): A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS)…
CVE-2026-5745 — CVSS 5.5 (medium): A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the…
CVE-2026-2100 — CVSS 5.3 (medium): A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with…
CVE-2026-5704 — CVSS 5.0 (medium): A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file…
CVE-2026-6845 — CVSS 5.0 (medium): A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of…
CVE-2026-55653 — CVSS 4.3 (medium): A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX)…
CVE-2026-2625 — CVSS 4.0 (medium): A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager…
CVE-2026-55654 — CVSS 3.7 (low): A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service…
CVE-2026-0989 — CVSS 3.7 (low): A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a…
CVE-2026-3832 — CVSS 3.7 (low): A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status…
CVE-2026-3184 — CVSS 3.7 (low): A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify…
CVE-2026-0992 — CVSS 2.9 (low): A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that…