Centos

This hub aggregates every CVE we track for Centos, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Centos.

• CVE-2026-46243smb: client: reject userspace cifs.spnego descriptions7.1Jun 1, 2026
• CVE-2026-43284xfrm: esp: avoid in-place decrypt on shared skb frags8.8May 8, 2026
• CVE-2024-1722Keycloak-core: dos via account lockout3.7Feb 27, 2024
• CVE-2022-38473A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird <...8.8Dec 22, 2022
• CVE-2022-2526A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the referenc...9.8Sep 9, 2022
• CVE-2022-2639An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sf...7.8Sep 1, 2022
• CVE-2021-4218A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause ...5.5Aug 24, 2022
• CVE-2022-29154An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories ar...7.4Aug 2, 2022
• CVE-2021-4034A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users acc...KEV7.8Jan 28, 2022
• CVE-2021-23992Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user...4.3Jun 24, 2021
• CVE-2020-5291Privilege escalation in setuid mode via user namespaces in Bubblewrap7.2Mar 31, 2020
• CVE-2012-4512The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "...8.8Feb 8, 2020
• CVE-2011-3145mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group3.8Apr 22, 2019
• CVE-2017-1000253Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability...KEV7.8Oct 4, 2017
• CVE-2016-2384Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibl...4.6Apr 27, 2016